Senior Security Engineer
Full Time Senior Security Engineer Vacancy Available - Reading
- Reading, (Working From Home currently)
- ??414 per day PAYE + Holiday
- ??525 per day - Umbrella
Monday to Friday (full time)
A key member of the Global Security Architecture & Engineering team within the Global Security function of Technology Operations; responsible for Application security design, architecture, engineering and testing within a project capacity with a view to ensuring the company is in line with security & compliance requirements. Drive and implement solutions for reducing technical risks and a reduction in security vulnerabilities by developing and working with both in-house and outsourced Development teams to introduce and maintain Secure Software Development Programs.
- Responsible for Security implementation of GDO projects across T&I, delivering high quality services and creative solutions across all application development platforms
- Perform design reviews of new applications, products, and services to identify potential risks and recommend appropriate mitigations.
- Perform security assessments/penetration testing of applications
- Carry out code review of high-risk application code
- Perform post incident root-cause analysis and develop and implement strategies to prevent recurrence
- Create technical security standards for relevant technologies
- Assist with development and delivery of the clinets application security strategy
- Responsible for monitoring and driving Application Security Compliance during project life cycle
- Work with stakeholders to implement security solutions and initiatives addressing new vulnerabilities
- Delivering the technical aspects through plan > design > build for project & compliance security testing
- Responsible for development of solutions to secure architecture requirements and standards.
- Engage across multiple functions on a global level to ensure Code Development Lifecycles are in place and application verification is drive through all application development programs.
- Ensures accurate delivery progress reporting is completed and communicated to relevant stakeholders
Experience and personal attributes
- Minimum 5 years' hands-on experience of application security. This could either be as an AppSec specialist within a security team, or as a developer with significant experience of securing and defending applications against real-world threats
- Authentication/Authorization frameworks eg OAuth
- Knowledge of common infrastructure technologies used to deliver and support applications eg Linux, Windows, databases, load balancers, containerization, public/private cloud environments.
- Strong written and verbal communication skills, ability to form strong business relationships across multiple locations. Ability to create management reporting to convey operational metrics, trends or other key information.
- Strong experience in designing, integrating and deploying security solutions in a dynamic, high pressure working environment
- Demonstrate strong influencing and persuading skills, encourage colleagues and teams to change established processes and achieve improvements and best practice
- Experienced at identify security flaws in applications via architectural assessment and threat modelling
- In-depth knowledge of security aspects of at least two of the following:
- Modern web applications and related technologies (Angular, React, Jquery, Spring, etc).
- Android and IOS mobile applications
- APIs and micro services
- Experience of manual security testing of applications using relevant tools (eg Burp suite, Nikto, SQLmap)
- Familiarity with common application related compliance requirements - GDPR, PCI-DSS, CAS-T
- Timeliness in all actions with quality consciousness towards services received and provided
- Experience of analysing, assessing and resolving complex technology requirements, problems and issues
Specific Skills & Abilities:
- Co-creates and executes Strategy
- Implements on the T&I objectives as reflected in the company's strategic objectives and the pillars of one promise, one plan, one company
- Innovates with a customer focus
- Surprises and delight our customers and innovates based on the needs of tomorrow
- Entrepreneurial Drive for Results
- Tenacious and relentless in their drive for results. Striving to achieve simplicity for our customers and employees
- Lives One Company
- Works across our Matrix/footprint to achieve the best outcome for the business, our customers, employees and shareholder
- Substantial experience and knowledge of network security risks and resolutions obtained with a major network operator
- Detailed and extensive technical knowledge of security challenges, risks, technologies, architectures and systems
- In depth understanding of technical trends and developments within the Telecoms/IT industry