Security Application Engineer

ITR Partners
12 Jan 2018
10 Feb 2018
Contract Type: Full Time
You will be working with the technology of choice for many of the UK's leading Benefits Consultants. You will deliver modern, flexible, device-independent software that is quick to set up and easy to maintain for over 2 million employees to engage with their pensions and other benefits.

My client's flagship product for employee benefit communication is built using state-of-the-art technology and Agile development practices. They are focused on delivering secure, high-performing and scalable software. They are committed to running a Secure Development Lifecycle and are strengthening their UK software development organisation.

This role is ideal for Developers who have taken a career turn towards Security or those with experience within Software Testing/Security.

Areas of responsibility:
Analysis of IT systems architecture in terms of security and risk/threat modelling
Review proposed security features of the product with the Product team
Automation of security testing process
Review security aspects of requirements specifications and technical design documents
Create detailed, comprehensive and well-structured security test plans and test cases
Estimate, plan, coordinate and execute secure testing activities
Carry out manual and exploratory testing
Design, develop and execute repeatable automation scripts
Run, document and communicate penetration testing results per sprint
Review and assess the results of external penetration testing, and agree corrective action
Identify, record, document and track bugs
Research current software security risks
Provide software security training and support to other members of the development team

Experience Required:
Full secure software life cycle experience in a software house environment or large IT department
Familiarity with the support of software products designed with SOA architecture

Skills (mandatory):
Experience with code analysis and penetration testing tools
Agile/Scrum methodology
Web security knowledge: OWASP, OWASP Top 10, ASVS, CWE/SANS Top 25
Awareness of security standards and frameworks relevant to the SaaS industry (e.g. ISO, NIST, CSA)
Microsoft C#

Skills (advantageous):
Git
SpecFlow/Gherkin
Jenkins
Web Services WCF & REST
HTML/CSS web dev
JavaScript/jQuery
MVC
SOA
TDD/BDD
Microsoft Team Foundation Server (or similar)

Permanent - 37.5 hours per week
Leatherhead