This job has expired

Head of Application Security

Employer: Akkodis
Location: West Midlands
Salary: 75000.00 - 90000.00 GBP Annual
Closing date: 10 Feb 2023

Sector: Telecoms / Utilities
Responsibilities: Information Technology
Position/Level: Professional / Specialist
Contract Type: Permanent
Language: English

Job Title: Head of Application Security

Location: West Midlands

Duration: Permanent

Salary: GBP75,000 - GBP90,000

My client is looking for a Head of Application Security to join their business on a permanent basis. Working closely with their internal and external suppliers across the group, you will be responsible for ensuring that any software developed, operated, or acquired meets their application security and resiliency standards while enabling rapid innovation to meet customers' ever-changing needs.

Primary Responsibilities:

  • Defining and managing the application security and resiliency frameworks, developing standards, and designing assurance exercises to ensure compliance with risk appetite;
  • Integrating security tools, standards, and processes into the product/software development life cycle across both internally developed and externally provided applications;
  • Defining developer secure coding practices and ensuring that developers and QA/test personnel are trained with the appropriate level of security knowledge to perform their daily activities;
  • Developing logging and monitoring strategies with validated use cases for detecting malicious activity within each application;
  • Improving and supporting application security tool deployments including code analysis testing (*AST), SCA, container and runtime testing tools and integrating them into CI/CD pipelines;
  • Improving and maintaining secure development standards;
  • Supporting the incident response, resiliency, and architecture review processes whenever application security expertise is needed;
  • Managing penetration testing services, including delivering a continuous penetration testing programme and driving remediation;
  • Supporting supplier security activities to ensure third-party software development meets company security standards;
  • Integrating threat modelling practices into the product/software development life cycle;
  • Producing metrics and reporting on the state of application security initiatives, and the performance of development teams against security development standards

Key Dimensions:

  • The role holder must be able to work with and influence developers, suppliers, QA/test, and Project/Programme delivery colleagues across the whole company ecosystem. Strong leadership skills and effective management of highly technical individuals are critical.
  • The role holder will be a security evangelist who can translate security concepts into language that is meaningful to many audiences including business and technical leaders and individual contributors (eg developers, QA/test, Portfolio/Programme/Project Managers). The ability to influence decision making at all levels of application/software development will be critical to success.
  • The role holder must be able to approach application security from the perspective of real-world threats and risk management to avoid purely academic thinking about software security.
  • Strong analytical skills and the ability to see the big picture and apply the relevant detail to it. Ability to cut through the noise and provide clear and appropriate recommendations and direction.
  • Excellent verbal and written communication skills, including experience speaking to leadership and technical colleagues, and writing technical documents

Professional Experience:

  • Expert knowledge of application security management and practices, with experience in Microsoft Dynamics, AWS and Azure Cloud solutions.
  • Expert knowledge and understanding of application security assessment and management methodologies with a background in application security testing.
  • Familiarity with waterfall and agile development processes, and experience of integrating secure development practices into both methods.
  • Ability to work at senior level and ensure that tactical activity supports the strategic picture.
  • Commercial experience from product selection through to vendor relationship and service management.
  • Agility of thought and comfort with complexity, together with the patience and resilience to overcome change inertia.
  • The will to succeed in support of the business' goals and to align potentially competing agendas to effectively manage cyber security risk within the business risk appetite.
  • Familiarity with writing and/or testing applications and web services in any of the following programming languages: Ruby, .NET, Java, PHP or JavaScript.
  • Familiarity with a variety of development and testing tools (SAST and DAST), for example Visual Studio, Tenable/Nessus, Git, Azure DevOps Pipelines, SonarQube.
  • Ability to explain vulnerabilities and weaknesses described in commonly used frameworks (for example OWASP Top 10, WASC TCv2, and/or CWE 25) to any audience, and to discuss effective defensive techniques.
  • Familiarity with industry standards and regulations, eg PCI, ISO27001, NIST, etc.
  • Preferred or willing to work towards recognised security-related qualifications (eg CISM, CISSP).
  • Relevant (present or expired) application security development, management, or testing certifications (eg CHECK TL APP, OSWA, OSWE, Burp, GWEB).

If you are interested in the Head of Application Security role, please apply/email me with your latest CV, salary expectations and availability as soon as possible.

Email (see below) or call Jeremy at Akkodis for further information.

Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law.

Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers.

By applying for this role your details will be submitted to Modis International Ltd and/or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.
