Application Security Engineer
Remote - Warrington, England, United Kingdom
Applications have closed
Blue Prism
SS&C | Blue Prism® Intelligent Automation Platform delivers a secure digital workforce that accelerates growth, reduces costs and delivers better business outcomes.
REMOTE ROLE: A Blue Prism Application Security Engineer champions product development security, provides security education and awareness, designs and implements new security initiatives that enhance Blue Prism's security position, and implements, maintains and enforces software security standards and compliance.
Blue Prism is the global leader in intelligent automation for the enterprise, transforming the way work is done. At Blue Prism, we have users in over 150 countries in more than 1,800 businesses, including Fortune 500 and public sector organizations, that are creating value with new ways of working, unlocking efficiencies, and returning millions of hours of work back into their businesses. Our Digital Workforce is smart, secure, scalable and accessible to all; freeing up humans to re-imagine work.
To understand more about Blue Prism’s intelligent automation click here. You can also visit http://www.blueprism.com/ and follow us on Twitter @blue_prism, LinkedIn and Instagram @blueprismofficial. Or have a look at our YouTube page for further insights about Blue Prism.
Requirements
Duties & Responsibilities
The primary responsibilities of an Application Security Engineer are to:
- Drive security awareness through continuous education and quality documentation
- Ensure Blue Prism products are delivered with minimal security risk to the business or its customers
- Ensure product standards and compliance
- Provide technical subject matter expertise and security guidance to the business
- Evolve and promote Blue Prism's security strategy internally and externally
Dimensions of the Role
The application security engineer is a supporting role that works as part of the wider product team. The role reports to the senior/chief application security engineer, who in turn reports to the director of engineering.
Competencies
The skills and knowledge required for the role are broad and diverse; specialization and established product knowledge are recommended at higher levels. The core skills required are:
- Driving security awareness through continuous education and quality documentation
  - Being able to identify and eliminate training needs with immediate teams and the wider organization
  - Creating positive learning environments through interactive learning workshops and presentations
  - Having good technical writing skills
- Ensuring Blue Prism products are delivered with minimal security risk to the business or its customers
  - Experienced in software development projects with a good knowledge of Agile SDLC and DevOps principles
  - Knowledge of OOP principles with a good understanding of one or more of the following programming languages:
    - C#
    - C/C++
    - VB.net
    - JavaScript
    - SQL
    - Python
  - Experience of performing security design reviews, threat modelling and risk assessments
  - Experience of security testing and assurance
  - Experience and/or understanding of SAST tooling such as Checkmarx, Coverity, Veracode etc.
  - Experience and understanding of SCA tooling such as Snyk, Black Duck, SourceClear etc.
- Ensure product standards and compliance
  - Awareness of international security standards such as OWASP top 10, CWE/SANS Top 25, HIPAA, NIST and how they apply to software development.
  - Understanding of how to identify and remediate 3rd party license compliance and risk
- Provide technical subject matter expertise and security guidance to the business and its customers
  - Knowledge of Security Architecture: threats, countermeasures, confidentiality, authenticity, integrity and non-repudiation
  - Good understanding of cryptography and its application to security
  - Demonstrating a good understanding of offensive and defensive security procedures and techniques
  - Working knowledge of cloud security service design approaches (Azure, AWS, Kubernetes, Docker or GCP).
  - Understanding of risk assessment tools and frameworks (STRIDE, DREAD, CVSS)
  - Ability to analyze incoming security concerns and lead/advise remedial work
Additional Skills, Experience, Languages
Whilst not essential, the following skills are desirable:
- Professional security qualifications are desirable (e.g. CISSP, Offensive Security, SANS Institute, etc.)
- Experience of using or implementing the Blue Prism product
- Theoretical and working knowledge of key peripheral technologies, including Windows Server / client fundamentals, Active Directory and security tooling
Benefits
- Company pension scheme
- Life assurance scheme
- Private medical scheme
- Employee share scheme
- 30 days holiday plus bank holidays
- Flexible working hours
Blue Prism Software is an Equal Opportunity Employer that does not discriminate on the basis of actual or perceived race, creed, color, religion, alienage or national origin, ancestry, citizenship status, age, disability or handicap, sex, marital status, veteran status, sexual orientation, gender identity or expression, genetics, arrest record or any other characteristic protected by applicable federal, state or local laws.
Blue Prism is not accepting unsolicited assistance from search firms for this employment opportunity. Please, no phone calls or emails. All resumes submitted by search firms to any employee at Blue Prism via email, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of Blue Prism. No fee will be paid in the event the candidate is hired by Blue Prism as a result of the referral or through other means.
Tags: Active Directory Agile Application security Automation AWS Azure Black Duck C C++ Checkmarx CISSP Cloud Compliance Cryptography CVSS DevOps Docker GCP HIPAA JavaScript Kubernetes NIST Offensive security OWASP Python Risk assessment SANS SAST SDLC Security strategy SQL Strategy Veracode Windows
Perks/benefits: Career development Flex hours