The Application Security Assurance Specialist - Principal (P3) is responsible for overseeing the security assurance processes within software development and deployment pipelines across diverse methodologies. This role champions proactive integration, governance, and enhancement of security controls, ensuring the maturity and effectiveness of application security frameworks to safeguard critical business systems. Key Responsibilities Security Governance and Integration • Define and enforce embedded security practices across SDLC and CI/CD pipelines, ensuring compliance with organisational security policies and standards. • Oversee the integration of advanced security tools (e.g., SAST, DAST, SCA, automated secret scanning) with development environments. • Provide technical guidance on security configuration management, deployment hardening, and secure integration of tooling across all phases of software delivery. Application Security Assurance • Conduct in-depth security risk assessments for high- and low-level technical designs, evaluating compliance against OWASP, CIS Benchmarks, and secure coding standards. • Perform comprehensive security testing across application environments, including API security, container scanning, and dynamic runtime assessments, while evaluating residual risk post-assessment. Strategic Consultation and Advancement • Collaborate with stakeholders to assess the security maturity of existing practices and recommend improvements aligned with compliance requirements and delivery velocity. • Provide expert-level recommendations on the refinement of automation processes, risk mitigation strategies, and the deployment of compensating controls where necessary. • Evaluate emerging technologies and leverage AI-driven application security tools to optimise assurance activities. Collaboration and Leadership • Partner with development and DevSecOps teams to embed robust security measures within workflows, ensuring alignment with secure coding standards and organisational priorities. • Actively engage in the training of development teams, fostering a culture of security awareness and empowering stakeholders to implement best practices. • Lead cross-functional teams to complete security assurance initiatives effectively. Reporting and Documentation • Generate actionable reports and presentations tailored to technical and non-technical audiences, highlighting findings, severity assessments, and remediation tracking. • Maintain clear, auditable documentation for compliance purposes and contribute strategic insights into executive-level reviews. What experience youll bring: Required Qualifications • 5 Years experience in providing technical expertise in managing security frameworks and tools (SAST, DAST, SCA, container security, etc.). • Advanced knowledge of application lifecycle management methodologies (Waterfall, Agile, DevSecOps, CI/CD). • Strong understanding of compliance with standards such as OWASP Top 10, NIST CSF, and CIS Controls. • Demonstrated ability to lead security assurance initiatives across complex development environments. • Proficiency in designing and executing technical assessments and risk evaluations. Other Qualifications • Familiarity with AI-driven application and security testing tools and their integration within pipelines. • Professional certifications such as CISSP, CSSLP, or similar. • Experience in development enablement through the creation of secure coding frameworks and tools for automated quality assurance. Success Metrics (6-12 months) • Complete security assessments for critical systems within stipulated timelines, ensuring vulnerabilities are resolved collaboratively with development teams. • Successfully integrate comprehensive security controls into CI/CD pipelines, automating compliance checks. • Reduce incident response time by identifying and remediating residual risks before go-live stages. • Achieve alignment and certification for designated projects against OWASP and CIS standards within established business constraints.