Senior Application Security Engineer

Our client is a leading asset servicing provider for the global investment management industry. From 16 locations around the world, our client, through its suite of solutions, helps clients mitigate risk, execute seamlessly, and increase efficiencies in their pre and post-trade operations. With over $770 billion in assets under administration, our client is one of the top fund administrators globally. Its nearly 500 clients represent hedge funds, asset managers, private equity, real assets, fund of funds, and more, and benefit from a broad range of additional solutions including fund financing, foreign exchange, custody, trustee services, depository, middle-office outsourcing, securities lending, and other banking services.

Job Description

Technology and data are at the heart of their service proposition to their clients and their investors. Their business is entrusted with their information every day and takes their security seriously.

We are looking for a Senior Application Security Engineer, to be an integral part of the information security organisation, and to work with their product and development teams, and third parties, to ensure that secure application design and testing techniques are appropriately applied at all stages of the development lifecycle.

Reporting to the Head of Security Architecture and Engineering

You Will:

• Review and refresh their application security assessment activities to strengthen their capability in this critical area, ensuring consistent application security involvement across all operational platforms, development and change initiatives
• Foster collaborative working relationships with the wider Technology Architecture, Product and Development teams, all who are critical partners and key to ensuring an effective Security by Design approach is adopted embedding security in all change initiatives at an appropriate time and level
• Perform threat modelling and security-focused code reviews
• Promote the awareness and adoption of dynamic application security testing, working alongside development leads and the Head of Security Architecture and Engineering to establish a roll-out plan
• Support the introduction and ongoing management of a single developer security platform, consolidating and learning from existing activity and experience to date. Identify and implement supporting tools to automate processes and testing activities
• Assist teams in reproducing, triaging, and addressing application security vulnerabilities
• Work alongside and oversee the input of third-party security services providers, to manage broader security assessments of infrastructure and applications
• Implement application security controls across the business
• Design technical solutions to address identified security weaknesses
• Support the production of secure coding standards, as part of wider non-functional requirements definition
• Participate in operational and incident escalations and investigations, as required
• Contribute to risk management initiatives by identifying and overseeing risks across application security areas

Qualifications

Essential:

• Extensive application security engineering experience, with a specific focus on web application security
• Development/scripting/platforms skills and experience, including Python, JavaScript, .NET, GitLab, Docker and Jenkins
• A good understanding of network and web-related protocols
• Experience in identifying security issues through code review
• Familiarity and ability to explain common security flaws and ways to address them
• Familiarity with common security libraries and tools, such as developer security platforms, static analysis tools and penetration testing tools

Preferred:

• In-depth working knowledge of standards and material provided by organisations such as the Web Application Security Consortium (WASC), the OWASP Foundation, and the WebAppSec Working Group
• Certifications such as Certified Web Application Security Tester (C-WAST), Certified Ethical Hacker (CEH), Certified Application Security Engineer (CASE) and Offensive Security Web Expert (OSWE)
• Familiarity with governance, compliance and assurance standards such as the ISO 27000 series and, SOC1 and SOC2 attestations
• Understanding of information security risk with the ability to recommend pragmatic business-focused decisions

Additional Information

Our client is exceptionally proud of their approach to Hybrid Working. It enables the flexibility to thrive from wherever their employees work and, stay connected to their team and the culture. When we make Hybrid Working plans, we get to know the individual and pride themselves in underpinning all their decisions with fairness and consistency.

Our client provides all of its employees with an extremely attractive compensation package. In addition to base salary, there is a group medical insurance scheme, group pension scheme, reimbursement of professional subscriptions, paid holidays and assistance towards gym memberships.

Benefits

• Competitive remuneration package
• Hybrid Work Model
• Private medical insurance
• Learning & Development Benefits
• Wellness Benefit
• Team-building events

If you are interested in the above position, please press Apply below or email your CV to terri.neofitou@emeraldzebra.cy

Please note that only successful candidates will be contacted.