Application Security Engineer
Hatfield, Hertfordshire, UK
Applications have closed
Ocado Technology
“We are on a mission to transform the future of grocery retail through sustained technology innovation.”
Ocado Technology is putting the world’s retailers online using advanced artificial intelligence, robotics, big data, the cloud and IoT. We develop the innovative software and hardware systems that power Ocado.com, as well as the unique ‘Ocado Smart Platform’ which is being implemented by ambitious retailers across the world from Europe to America, Asia and beyond. With everything from websites to highly automated warehouses that we design in-house, our employees are skilled specialists with expertise across a wide range of technologies, working on cutting-edge innovations that are shaping the future of our society.
We are a fast- growing company: today we have colleagues in 7 development centre across the UK and Europe, with offices open in London, Hatfield, Welwyn Garden City (UK), Krakow, Wroclaw (Poland), Sofia (Bulgaria) and Barcelona (Spain), with a satellite office in Stockholm (Sweden).
We champion a value-led culture to get our teams working at their very best and to help create a collaborative working environment with inspiring projects that our people love. Core values of Trust, Autonomy, Craftsmanship, Collaboration and Learn Fast help drive our innovative culture. But don’t just take our word for it, have a look at what our people are saying about us on Glassdoor.
What would I be doing?
The main mission of the AppSec engineers is to help us build secure systems by embedding security in our SDLC. You will achieve this by providing expertise and guidance, working closely with the development teams, central AppSec function, InfoSec team and Security Chapters. We are currently creating a centralised team of AppSec Engineers with different skills sets and levels of experience, providing services to different streams.
As part of the AppSec team you will do the following:
- Working with development teams to provide them with help and guidance on addressing cybersecurity threats
- Conducting threat modelling sessions and security code reviews, and training development teams on how to run them
- Participating in security issue management processes
- Educating and supporting development teams perform security activities
- AppSec tooling and integrations like security issue tracking and SAST tools
As an AppSec engineer you will be involved in supporting teams of software engineers including security practices to their SDLC and maintaining the AppSec tooling integrations.
The roles and responsibilities performed by the AppSec team are:
- Working with teams to provide them with help and guidance on addressing cybersecurity threats
- Conducting threat modelling sessions and training teams on how to run them
- Participating in security issue management processes
- Assisting engineering teams with organising penetration testing by dedicated pentest partners
- Educating and supporting teams perform their security code reviews
- Oversee in-stream use of vulnerability detection and reporting tools
- Auditing, providing teams with feedback and guidance about their security activities (threat modelling, code reviews, SDLC practices)
- Keep updated the SDLC security guidelines
- Research security best practices in other organisations
- Keeping abreast of new vulnerabilities and attack vectors, and associated countermeasures
What we would like to you to have:
- Strong interest in application security
- Demonstrable programming ability with an in-depth understanding of underpinning techniques
- Experience in the full Software Development life-cycle from design to deployment
- Ability to work in a geographically dispersed team
- Strong communication skills and ability to influence engineering behaviours
- Interest in continuous learning
Nice to have but do not feel hesitant to apply if you don’t.
- Experience as an Application Security Engineer
- Knowledge of backend and frontend web application vulnerabilities
- Knowledge of cloud environments
What we offer you
Our employee benefits are designed for you, we care about people and we’ve ensured we have a wealth of benefits that focus on your well-being. Within our flexible environment we can offer technically stretching work, a competitive salary and share schemes. Benefits include pension scheme, train season ticket loan (interest-free), free shuttle bus from Hatfield train station and of course, healthy Ocado retail staff discounts.
We also have regular divisional socials, sports clubs not to mention the Ocado Technology Academy for a packed schedule of courses, conferences and events such as discussion sessions, conference briefs and external guest speakers. If you think you have what it takes to make a difference, please submit your application below.
Due to the energising nature of Ocado's business, vacancy close dates, when stated, are indicative and may be subject to change so please apply as soon as possible to avoid disappointment.
Please note: If you have applied and been rejected for this role in the last 6 months, or applied and been rejected for a role with a similar skill set, we will not re-evaluate you for this position. After 6 months, we will treat your application as a new one.
Be bold, be unique, be brilliant, be you. We are looking for individuality and we value diversity above gender, sexual orientation, race, nationality, ethnicity, religion, age, disability or union participation. We are an equal opportunities employer and we are committed to treating all applicants and employees fairly and equally.
Tags: Application security Artificial Intelligence Audits Big Data Cloud Pentesting SAST SDLC Vulnerabilities
Perks/benefits: Career development Competitive pay Conferences Flex hours Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Chief Information Security Officer jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open ISO 27001-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open DevOps-related jobs
- Open Security assessment-related jobs
- Open Kubernetes-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open CI/CD-related jobs
- Open IDS-related jobs
- Open DevSecOps-related jobs
- Open CEH-related jobs