Application Security Architect recruitment

The Application Security Specialist role focuses on implementing, developing and owning the integration of security into the client's application software development lifecycles.

A leading Global Dealer Brokerage firm is recruiting an Application Security Specialist to work on a number of strategic Greenfield projects within the business.

The Application Security Specialist role focuses primarily on implementing, developing and owning the integration of security into the client's application development/software development lifecycles. While the focus is on application/development security, the role also encompasses other domains of information security risk management and their integration into the software development lifecycle.

Main tasks/activities:

- Own and drive the development of the client's secure software development program, including the development and maintenance of policies and standards.

- Liaise with the wider Information Security group to ensure consistency and alignment with broader information security strategy.

- Actively manage the security activities associated with secure software development to address existing and evolving risks and threats appropriately.

- Act as SME, providing consulting and support to application development teams.

- Work closely with development teams to remediate application vulnerabilities detected through security scanning tools.

- Perform source code reviews to ensure secure software development.

Job requirements:

- University degree in Information Security or similar.

- Relevant professional qualifications/certifications (CISSP, CISM, CISA, CSSLP, SANS, CHECK, CREST).

- Good understanding of information security standards, frameworks and best practice (e.g. ISO 2700x, OWASP, ITIL, COBIT).

- Experience in developing software in some of the following areas: C++, Java, C#, PHP, Perl, AJAX, SQL, SOAP, WCF, WS-*, REST, custom APIs, SAML.

- Good understanding of threat modelling and strategic security methodologies (e.g. STRIDE, OCTAVE, DREAD, OSSTMM).

- Good understanding and awareness of documentation required as part of the secure software development lifecycle.

- Able to offer remediation and solutions to problems created by insecure code.

- Able to work with agile development groups and their delivery deadlines.