Joining a team of Application Security engineers to perform Ethical Hacking, security vulnerability assessments and reviews.
We are looking for suitable candidates to join the Cybersecurity Application Security team to provide Dynamic Application Security Testing (DAST), Remediation and support services.
Efforts will include:
• Acting as an internal consultant embedding security into the day-to-day activities of our development and DevOps teams
• Driving secure application development practices and a secure development mentality
• Application vulnerability assessments (DAST) focused on web applications & web services
• Identifying, communicating, and providing targeted remediation of vulnerabilities
• Developing and updating security patterns aligned with security requirements
• Identifying application security requirements for projects
• Coordinating and collaborating with multiple teams to ensure the confidentiality, integrity, and availability of Prudential assets in a way that meets business needs
• Performing other security-related projects that may be assigned according to skills
• DevSecOps, integrating DAST into CI/CD pipelines
Training & mentoring will be provided as required.
Desired Technical Skills
• Experienced with Dynamic Application Security testing and associated DAST tools
• In-depth understanding of security risks such as OWASP Top 10 and SANS Top 25 vulnerabilities
• Hands-on experience with DevSecOps and security tools used within CI/CD pipelines
• Experienced implementing vulnerability remediation
• Knowledge of Web application design and development
• Working knowledge of Web-based technologies and knowledge of SQL, XML, SOAP, REST, AJAX, Python.
• Knowledge of micro-service architectures
• Experience of security within cloud environments, preferably AWS, or other cloud technologies such as Azure.
• Proven record of designing and implementing training programs for application security testing
• Excellent communication, time management and organizational skills.
• The ability to work independently as well as perform as part of a team
• A motivated, enthusiastic and flexible approach to work in an adapting, fast-moving environment.
• Can demonstrate strong performance ethos and deliver outstanding customer service
• Ability to interface with both technical and non-technical application owners to discuss their vulnerabilities.
• Provide guidance to all parties for remediation of identified application vulnerabilities.
• Proven record of dealing with both staff and project related issues
• Must be a key player within the team enhancing the skillset of all team members, providing mentoring as required
Qualifications & Experience
• Should be educated to degree/MSc level in Digital Forensics, Information Security or an IT related discipline
• Should hold relevant industrial security certifications, or be willing to acquire them
• At least 5 years’ experience in a Dynamic Application Security Testing environment, with a significant focus on DevSecOps
• Financial services and development experience would be an advantage