Application Security Manager
London, United Kingdom
StepStone Group
Company Description
At Stepstone Group, we help everyone get the job that best fits their life. Whether it is the next step in their career, or a job to pay the bills - we exist to match lifestyles with livelihoods.
We play our part by giving people everything they need to find the right job for them in that moment; making jobs work for more people, whatever they do, and however they choose to do it.
Equal opportunities are important to us. We believe that diversity and inclusion at Stepstone Group is critical to our success as a global company, so we want to recruit, develop, and keep the best talent on the market. We encourage applications from everyone, regardless of your background, gender identity, sexual orientation, disability status, ethnicity, belief, age, family or parental status, and any other characteristic. If you require reasonable accommodation in completing this application or interviewing, please let us know.
We also have a hybrid approach to working from home and in the office!
Job Description
Day-to-day tasks
- You lead a team that is responsible for software application security.
- You will coordinate scheduled pentests and ad hoc assessments of different products, prior to production or in production.
- You bring hands-on knowledge of SSDLC and automation, in order to enable integration and adoption of security tooling/services.
- You will champion and support teams with threat-modelling activities.
- You will champion the adoption of threat-modelling automation and will constantly measure the safeguards to mitigate risks.
- You design, build, and operate innovative tools to automate security assessments.
- You support Security Management by providing insights on different KPIs and metrics.
- You coordinate with different teams to embed and present appsec metrics in team dashboards.
- You coordinate with ISO to enhance our policies and standards.
- You join product development calls to present security requirements and propose ideas on how to differentiate our brand.
What you will bring:
- Hands-on experience of SSDLC automation and implementation.
- Hands-on experience with threat modelling activities, tooling and implementation.
- Experience with Pentest scoping and prioritization based on risk and impact.
- Development experience in .NET, Java, RoR is a plus.
- Certifications are not a must but would be a plus: OSCP, OSWA/OSWE.
- Knowledge of cryptography, authentication and authorization.
Additional Information
Benefits and Rewards:
We believe in giving recognition to our employees, so if you are interested in finding out more, please look at the Totaljobs Group career site.
- Holiday - We feel work-life balance is important, so we offer every single one of our employees 29 days holiday a year, plus public holidays. Everyone also has the option to buy or sell up to three days each year in our Holiday Flex scheme.
- Family Leave - We understand that laying the foundations for a smooth start to family leave will also make for an easier transition back to the workplace. Subject to qualifying criteria, the benefits under the Company Family schemes are more generous than required under current legislation.
- Pension Scheme - To help our people plan for their future we offer a competitive pension scheme.
- Eye Tests - Every employee receives a voucher which entitles them to a free eye test every year.
- Medical - Access to digital GP and well-being services.
- Charity - Each Stepstone Group employee receives 2 additional days off every year to volunteer for charitable causes. We also give our employees the chance to 'give as they earn', meaning they can donate tax-free to a registered charity, and Totaljobs Group will match their contribution up to a value of £10 per month.
For more information about Stepstone Group benefits please look at the Stepstone Group career site.
When you apply for a role with us you will be asked to complete an equal opportunities questionnaire. If you have any questions about this, please feel free to reach out to one of the team.
Tags: Application security Automation Cryptography Java KPIs OSCP OSWE Security assessment
Perks/benefits: Career development Competitive pay Medical leave Parental leave