Application Security Engineer

Schroders Investment Management
London, United Kingdom
08 May 2022
07 Jun 2022
Job Function
Industry Sector
Finance - General
Employment Type
Full Time
Who we're looking for
Schroders' Cyber Security team is looking for a cybersecurity engineer with expertise in the Application Security domain, who will be responsible for defining consistent Secure Software Development Lifecycle practices for all Schroders technology projects throughout the planning and delivery cycles, ensuring that application security vulnerabilities are mitigated to tolerable levels.

The successful candidate will have very strong application security and web application development experience, together with team leadership skills, and will join a growing Information Security team and assist with the operation of the AppSec function.

About Schroders
We're a global investment manager. We help institutions, intermediaries and individuals around the world invest money to meet their goals, fulfil their ambitions, and prepare for the future.

We have around 5,000 people on six continents. And we've been around for over 200 years, but keep adapting as society and technology change. What doesn't change is our commitment to helping our clients, and society, prosper.

Technology at Schroders
There's a huge amount of change going on at Schroders. Technology's shaping our business more and more, so there are many opportunities waiting to be grabbed. And because we're a big financial player, we can put hefty backing behind good ideas.

We're a serious business - we have enormous responsibilities to our clients and shareholders. But just because we're suited and booted, that doesn't make us stuffy; our tech teams are friendlier and more informal than you might expect.

The base
We moved into our new HQ in the City of London in 2018. We're close to our clients, in the heart of the UK's financial centre. And we have everything we need to work flexibly.

What you'll do
In this position, you are a passionate and talented application security engineer with a very deep understanding of OWASP, CWE 25, data protection, access management, software vulnerabilities and best-practice design, and with threat modelling skills, who can work in a dynamic environment. You must be dedicated and able to work with developers to produce secure code in short time frames, and be willing to go beyond the standard routine.

Your primary responsibilities include:
• Work as part of a team of software and security engineers to design/maintain and build best-in-class product security tools and services.
• Act as technical point of contact for product teams on automation, CI/CD, and Product Application Security Operations
• Build tools and automation scripts that enable developers to easily consume security services delivered by the Security Engineering and Automation team
• Responsible for security product QA and Testing
• Build strong relationships with product development teams
• Run software composition analysis (SCA) tools
• Understand and explain penetration testing findings to the software engineering teams, helping them to triage the findings and explaining how to mitigate the risks
• Articulate business risk when assessing software vulnerabilities
• Continuously improve the operations of SAST, DAST and IaC security tools
• Continuously improve the operations of Web Application Firewalls (WAF) or IDS
• Continuously improve the coverage of security tooling in Cloud environments e.g. Microsoft Azure & Amazon AWS

The knowledge, experience and qualifications you need
• Computer Science / Cyber Security Degree
• Application Development background
• CISSP/CSSLP/CEH/OSCP or similar certification
• Azure DevOps experience
• Ability to code in at least one programming language e.g. Python/JavaScript/CSharp/PowerShell
• Prior experience working in a large organisation or Financial Services is an advantage
• Excellent analytical skills with attention to detail
• Presentation skills - ability to present complex solutions to a less technical audience
• Team-player interpersonal skills, with the ability to communicate and collaborate effectively with different people in a variety of roles
• Passionate about developing a career in Information Security
• Excellent command of the English language, both written and spoken

What you'll be like
• Passionate about mastering and innovating best practice in business analysis
• Inspiring and collaborative leader, model of agile leadership approach
• Friendly, approachable, enjoys working with people from a variety of backgrounds
• Capable of remaining positive when under pressure
• Continuous improvement mind-set, challenges the status quo and seeks self improvement
• Problem solver, comfortable taking the initiative in challenging and ambiguous circumstances

We're looking for the best, whoever they are
Schroders is an equal opportunities employer. You're welcome here whatever your socio-economic background, race, sex, gender identity, sexual orientation, religious belief, age or disability.
