Your new team: The Application Security team, a part of the wider Cyber Security team, partners with our engineering teams to enable DevSecOps by integrating security into the software development lifecycle through the following services:
Tooling and Automation: Embedding security tools and automation into the SDLC (such as Snyk and GitHub Advanced Security) to allow developers to self-identify security issues early in the development cycle.
Training: Delivering training on secure development practices to engineering teams via our e-learning platform, AppSec Champions academy, brown-bag sessions, and tailored in-person workshops.
Consulting and Code Review: Providing specialist code review and practical security advice to development teams, with a focus on ensuring that secure development practices are in place from day one, developing patterns and practices, and helping solve development-time security challenges.

Your impact and contribution: As the Application Security Consultant, you will work across development and automation, while supporting the wider Cyber Attack teams. You will deliver Application Security services including training developers, supporting our AppSec Champions program, and developing and governing application security tooling.
Provide advice on code security in the software development lifecycle.
Develop and/or conduct training and support guides on best practice secure coding for application development.
Support static, dynamic, and other security analysis tools, and help to identify and triage findings from these tools.
Perform manual code review where required.
Experiment with, develop, maintain, and/or operate tools for application security automation such as fuzzers, code scanners or other tools with a focus on AI.

We are interested in people who: This role is for someone with a background in software development with a strong understanding of cyber security (or vice-versa).
Development experience working across one of Java, Python, or C# - essential.
Experience across CI/CD/DevSecOps - essential.
Offer expert knowledge across best practice software security including OWASP Top 10 or ASVS frameworks - highly regarded.
Understanding or experience in AI/LLM development - highly regarded.
Experience in using or operating application security tools such as Snyk, CodeQL and Burp Suite - highly regarded.
Support reporting and governance activities, including delivery of metrics, development of standards and procedures, and liaison with risk management colleagues.