The team is responsible for safeguarding the security of closed‑source, open‑source, and proprietary applications. We ensure that applications are developed and implemented securely, detect risks, and expedite remediation through penetration testing.
Collaborating closely with Software Development teams, you will translate application‑based vulnerabilities into actionable mitigations. A solid grasp of Secure Development Lifecycles (SDL) and code assessment is essential.
The role sits within the broader Information Security department, working alongside engineers and analysts from diverse backgrounds. Together, we use bespoke tooling to detect and neutralize threats to the business.
We integrate AI to enhance our security processes and practices, and you will play a key role in leveraging this technology to bolster our application security.
This role is eligible for our hybrid working‑from‑home policy.
Preferred Skills and Experience
* Understanding of and demonstrable experience with automated, dynamic, and static application security testing tools, as well as manual testing to identify vulnerabilities and logical issues.
* Knowledge and understanding of the Open Web Application Security Project (OWASP) and its application within threat modeling.
* Familiarity with software development and programming languages.
* Working knowledge of CI/CD pipelines and associated security tooling.
* Experience conducting and reporting on web application penetration testing.
* Strong communication and documentation skills.
Responsibilities
* Provide support to senior team members and mentor junior members.
* Actively contribute to projects to ensure information security aspects are considered from the outset and throughout the project lifecycle.
* Contribute to and continuously improve company security testing methodologies, updating documentation as needed.
* Perform manual and automated code reviews and escalated remediation where appropriate.
* Support software development teams to embed security throughout the development lifecycle.
* Improve supply chain assurance processes, identifying flaws and vulnerabilities.
* Perform risk assessments, threat modeling, and design reviews to validate effective security controls.
* Identify opportunities to convert manual tasks into automated processes.
Seniority Level
* Entry level
Employment Type
* Full‑time
Job Function
* Information Technology
Industries
* Technology, Information and Internet