Posted on Nov 25, 2022 by E-SOLUTIONS IT SERVICES UK LTD
Purpose of the Role:
In a software-based and data-driven bank, the AppSec Engineer will support the IT department in ensuring that every step of the software development life cycle (SDLC) follows security best practices.
The role involves working closely with the development team to help them understand what security flaws they need to watch out for, and how to fix the ones already present in the apps. The successful candidate will help the bank evolve its application security functions and protect the bank's applications from security attacks by developing, inserting, and testing security components that make the applications more secure.
Understanding technology change controls is critical to this role, and the AppSec Engineer must be prepared to consider the full impact of change.
Bringing this technical expertise in house will allow the bank to continue to enhance its security posture to benefit both the users and our customers, while maintaining the knowledge internally and reducing the dependency on external contractors.
- Promote a culture of security throughout the SDLC by advocating a shift-left mentality to ensure possible threats or security issues can be addressed early
- Drive the security mindset into the teams who are responsible for the applications they create, maintain, and run.
- Help build the Application Security strategy for the bank and assist in defining the secure code development framework for the bank
- Defining security requirements, guidelines and policies for our developers, platforms, tooling, and services
- Be a Subject Matter Expert within specific areas of Application Security (OAuth, SAML, API Security etc.)
- Perform threat modelling, assess security controls, and recommend best security practices, methods, and tools
- Work with developers to perform security testing - both manual and automated, triage and remediation
- Orchestrate web and mobile application penetration testing when required
- Implementing advanced testing applications by patching and utilizing shielding tools that harden the bank's applications
- Maintaining technical documentation
- Identifying new technologies, tools, and approaches to help continually improve the bank's security standards and qualities.