Description
Our client, a leading financial services firm, is looking for an experienced Software Security Engineer to establish and maintain secure software development practices as the firm progresses towards a cloud platform.
The role is hands-on and the applicant will establish a good working relationship with the development team to develop standards, educate developers and monitor delivery.
Role Accountabilities
- To work with development teams to deliver a secure software development life cycle, a key component of which will be establishing a secure and auditable route to production using continuous delivery techniques.
- Work with development teams to agree standards for secure development practices for technical content.
- Raise the level of knowledge of secure coding practices within development teams through pair programming and other forms of developer education.
- This is a hands-on role which will involve significant time spent pair programming as part of development teams.
- Implement secure development standards as automated checks integrated into a continuous delivery build pipeline.
- Define and conduct regular application security reviews, for both internally and externally exposed applications, to ensure compliance with agreed standards.
- This includes vulnerability testing, risk analyses and security assessments.
Key Skills & Experience
- Proven experience as a software security development engineer, ideally in the Financial Services industry.
- Experience of agile methodologies and DevOps processes.
- Extensive experience in software development, scripting and project management.
- Detailed technical knowledge of techniques, standards and state-of-the-art capabilities for authentication and authorisation, applied cryptography, security vulnerabilities and remediation.
- Excellent software development experience in the following core languages: .NET and Java.
- Working knowledge of designing, securing and integrating applications/systems within cloud environments.
- Experience using system monitoring tools (i.e. LogRhythm) and automated testing frameworks.
- Experience in leading security incident response including identification, preservation and interpretation of computer evidence.
- Working knowledge of web-related technologies (Web applications, Web Services and REST-based Service Architectures) and of network/web-related protocols.