Web Application Engineer

Job Description

Application Security EngineerDuration: 26 weeksAgency Reference: 6981910Location: Reading (currently working from home)A position has arisen for a Web Application Security Engineer/Specialist within a leading telecommunications provider based in Reading. You will be joining the Technology Architecture team, which is responsible for application security design, architecture, engineering and testing within a project capacity. The successful candidate must have extensive experience of Application Security.Your duties will include:· Responsible for security implementation of all projects within the Technology team· Delivering high quality services and creative solutions across all application development platforms· Carrying out code review of high-risk application code, working with the team developing the solutions· Performing design reviews of new applications, products, and services to identify potential risks and recommend appropriate mitigations· Performing security assessments/penetration testing of applications· Performing post incident root-cause analysis and develop and implement strategies to prevent recurrence· Creating technical security standards for relevant technologies· Assisting with development and delivery of the organisations application security strategy· Responsible for monitoring and driving Application Security Compliance during project lifecycle· Working with stakeholders to implement security solutions and initiatives addressing new vulnerabilities· Delivering the technical aspects through plan > design > build for project & compliance security testing· Responsible for development of solutions to secure architecture requirements and standards· Engage across multiple functions on a global level to ensure Code Development Lifecycles are in place and application verification is drive through all application development programs.· Ensures accurate delivery progress reporting is completed and communicated to relevant stakeholders·Required Skills & Experience:· Minimum5 years’ hands-on experience of web and mobile application security. This could either be as an AppSec specialist within a security team, or as a developer with significant experience of securing and defending applications against real-world threats· Experienced at identify security flaws in applications via architectural assessment and threat modelling· Programming knowledge in one or more of the following: PHP, Python, Objective C and Swift,C#, .net, Java, JavaScript, Perl· In-depth knowledge of security aspects of at least two of the following:- Modern web applications and related technologies (Angular, React, JQuery, Spring, etc.).- Android and IOS mobile applications- APIs and micro services· Authentication/Authorization frameworks e.g. OAuth· Knowledge of common infrastructure technologies used to deliver and support applications e.g. Linux, Windows, databases, load balancers, containerization, public/private cloud environments.· Experience of manual security testing of applications using relevant tools (e.g. Burp suite, Nikto, SQLmap)· Familiarity with common application related compliance requirements – GDPR, PCI-DSS, CAS-T