This well established and growing technology company is looking for someone who can develop their new AppSec function and embed a DevSecOps culture.
This is a greenfield site which offers a varied role:
– Hands on AppSec engineering
– Architectural practices and principals
– Some internal consultancy work
– Senior stakeholder management.
You will need to assess the gaps in AppSec practices and frameworks, and then work with the DevOps team to embed security into the SDLC, providing training to the developers. You will support the pen testers by interpreting the results of their tests.
The successful candidate will have a technical background in application security, perhaps having previously worked in software engineering. Threat modelling knowledge would be preferred. Knowledge of OWASP Top 10 and CI/CD pipelines is required. You will need to be able to translate results and audit reports into language that a developer will understand.
This is an excellent opportunity for someone looking to make their mark by leading a new AppSec function with growth potential in the future.