Work for this dynamic, technology-driven organisation. As the Application Security Specialist, you will be responsible for security during the software development lifecycle and will work closely with application development groups to ensure the secure design, development and implementation of security controls.
The purpose of your brand-new role will be to identify and drive application security control enforcement, provide technical advice to various business and technology stakeholders on remediating application security vulnerabilities, and promote secure application development practices.
- Consult and work directly with business and technical stakeholders to promote and embed secure application development controls and standards
- Coordinate and manage security testing activities across the enterprise
- Propose and implement improvements to overall processes, methodologies, and technologies used to support application security assurance capabilities
- Ensure cyber security controls meet business requirements for performance and effectiveness
- Engage with external specialist service providers to carry out security penetration testing activities
- Provide specialist knowledge in managing risks that are discovered through security testing activities
- Design appropriate application security controls that follow industry best practices, standards and guidelines while matching the risk appetite of the business
- Review overall application design and development documentation and work with the project team to align the design to the security requirements
- Report security control deficiencies or gaps using appropriate enterprise risk management frameworks and processes
- Ensure that applications and systems have appropriate controls that can detect suspicious activity that may indicate attacks by internal users, or external attackers who have penetrated the internal network
Knowledge, Skills and Experience
- 5+ years of experience in software security, preferably including experience in security validation and security tools for applications, open source software, networks, IoT, web applications, and cloud services
- Proficiency with security validation solutions used for static code analysis, dynamic code analysis, vulnerability scanners and debuggers
- Knowledge of key security technologies, i.e. Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Application Security Firewalls
- Strong knowledge of security standards, security controls, software technology and software security
- Solid experience with automated web application vulnerability scanners
- Experience with Windows 8/10, Android, iOS and Web hosting services
- Deep knowledge of common software vulnerabilities, such as OWASP Top 10 and CWE/SANS Top 25
- Experience working in an Agile product development methodology
- An ICT security certification in Information Security (e.g. CISSP, CISA or CISM) would be highly desirable
Apply now to secure an interview, or contact Carly Llorente on 9236 7704 for a confidential discussion.