Application Information Security Specialist - Richmond, Surrey
My client are a world leading events business, based in Surrey. Rated as one of the world's most innovative companies with over 7,000 technologies, they offer solid opportunities for progression and learning.
Their highly motivated and enthusiastic cross-functional team builds a marketplace connecting exhibitors and buyers to support their global events business. They are looking for an Application Information Security Specialist to work with ISMs, Product Owners, Technical Leads etc. to validate and ensure the security of their services ecosystem.
- Ensure suitable secure testing happens through the SDLC, and company security policies
- Ensure policies are upheld, relevant security controls and standards are included within the design and security awareness provided to all engineering staff
- Conduct technical risk assessments i.e. vulnerability scanning, penetration testing etc.
- Handle service requests from the business and tech teams
- Analyse and validate requirements, define access rules, script changes and provide troubleshooting support relating to access issues
- Lead analysis and review of security events for anomalous activity
- Assess and measure security programs to ensure closed loop operations
- Develop and implement security programs: manage and execute project deliverables; develop program procedures including guidelines and flow diagrams; and develop tools or metrics that allow for measurement of successful program implementation
Skills & Experience:
- Advanced knowledge of security environments. Experienced in application and information security architecture, risk assessments, vulnerability and penetration testing
- Ability to conduct technical risk assessments for new applications and third parties
- Threat modelling, risk analysis, design and architecture of security principles for applications, APIs, Data and communication protocols
- Excellent understanding of NIST cybersecurity framework, SAS70 and/or other standards
- Detailed knowledge of application and information security testing tools (static, dynamic and web/API/mobile vulnerability scanning), standards and OWASP guidelines and security testing throughout the product development life cycle
- Experience of working in mixed OS, Cloud, SaaS, Web, API and Mobile Application environments
- Good understanding and working knowledge of relevant legal frameworks, licensing, Data Protection and GDPR
- Experience of security concerns at the networking layers
- Knowledge of current and emerging cyber threats
If you'd be interested to find out more, please apply with a copy of your CV and I'll be in touch.