As a Junior Information Security Specialist, you will focus on securing applications through analysis of code, supply chains and threat modelling, to ensure the effectiveness of security measures.
The application security team deal with the security of closed source, open source and proprietary applications. It is our mission to ensure applications are developed and implemented in a secure manner and any identified risks are remediated efficiently through penetration testing.
You will work alongside our software development teams to ensure application based vulnerabilities are understood and mitigated.
The wider Information Security department is comprised of engineers and analysts from varying backgrounds. Collectively, the team utilises enterprise and bespoke tooling to identify and mitigate threats, safeguarding the Company.
We utilise AI to enhance our existing security processes and practices. You will play a key role in our journey to leverage this powerful technology in strengthening our application security.
This role is eligible for inclusion in the Company's hybrid working from home policy.
Preferred Skills, Qualifications and Experience
* Knowledge of a broad range of Information Security topics.
* Educated to degree level in an information technology subject or similar discipline, or other demonstrable experience.
* Knowledge of Secure Development Lifecycles and the assessment of code.
* Understanding of automated, dynamic and static application security testing tools, as well as manual security testing to find vulnerabilities and logical issues.
* Familiar with OWASP (Open Web Application Security Project) and it's utilisation within threat modelling.
* Basic knowledge of software development and programming languages.
* Basic understanding of conducting and reporting on web application penetration testing.
* Strong communication and documentation skills.
Main Responsibilities
* Supporting the project process to ensure that information security aspects are considered up front and throughout the project lifecycle.
* Performing manual and automated code reviews, escalating remediation where appropriate.
* Providing support to software development teams to ensure security is considered throughout the development lifecycle.
* Conducting reviews on third party packages and software to ensure compliance with the Company's supply chain assurance processes, identifying flaws and vulnerabilities.
* Performing basic risk assessments, threat modelling and design reviews to ensure effective security controls are in place.
* Identifying opportunities for converting manual tasks into automated processes.
By applying to us you are agreeing to share your Personal Data in accordance with our Recruitment Privacy Policy which can be found