About the role
Senior Associate Application Security Engineer at a bank's Group Technology division, responsible for integrating security into the software development lifecycle, conducting security assessments, and advising development teams on secure coding practices.
Business, Full-time, General
Key Responsibilities
- Perform application security assessments including threat modeling, secure code review, and penetration testing.
- Integrate security tools and practices into CI/CD pipelines to enable DevSecOps.
- Provide security guidance and training to development teams on secure coding standards.
- Review and validate security requirements for new applications and features.
- Conduct security architecture reviews and recommend security controls.
- Monitor and respond to application security incidents and vulnerabilities.
- Develop and maintain application security policies, standards, and procedures.
- Collaborate with cross-functional teams to ensure security is embedded in the software development lifecycle.
Requirements
- Bachelor's degree in Computer Science, Information Security, or a related field.
- Minimum 3 years of experience in application security or a related role.
- Strong understanding of OWASP Top 10 and common web application vulnerabilities.
- Hands-on experience with security testing tools such as Burp Suite, Nessus, or similar.
- Knowledge of secure coding practices in languages such as Java, .NET, or Python.
- Experience with cloud security concepts and platforms (AWS, Azure, GCP).
- Familiarity with DevSecOps practices and CI/CD tools (Jenkins, GitLab, etc.).
- Relevant security certifications (CISSP, CISM, CEH, OSCP) are preferred.
- Excellent communication and interpersonal skills.
- Ability to work independently and as part of a team.