Applications Security Engineer - Rust / Golang

Job Description

Job Description : Purpose of the Role : Why does this role exist? How does it support our customers ? As a software-based and data-driven bank, the role of the AppSec engineer will support the IT department to ensure that every step of the software development lifecycle (SDLC) follows security best practices. Working closely with the development team in order to help them understand what security flaws they need to watch out for, and how to fix the ones already present in the apps. The successful candidate will help the bank evolve it's application security functions and protect the banks applications from security attacks, by developing, inserting and testing security components that make the applications more secure. Understanding technology change controls is critical to this role and the AppSec Engineer must be prepared to consider all impact of change. Bringing this technical expertise in house will allow for the bank to continue to enhance its security posture to benefit both the users and our customers, while maintaining the knowledge internally and reducing the dependency on external contractors. Key Accountabilities : - Provide an outline of the key accountabilities required as part of this role. - Promote a culture of security throughout the SDLC by advocating a shift left mentality to ensure possible threats or security issues can be addressed early. - Drive the security mindset into the teams who ae responsible for the applications they create, maintain and run. - Help build the Application Security strategy for the bank and assist defining the secure code development framework for the bank. - Defining security requirements, guidelines and policies for our developers, platforms, tooling and services. - Be an 'Subject Matter Expert' within specific areas of Application Security (OAuth, SAML, API Security etc). - Perform threat modelling, assess security controls and recommend best security practices and methods and tools. - Work with developers to perform security testing - both manual and automated, triage and remediation. - Orchestrate web and mobile application penetration testing when required. - Implementing advanced testing applications by patching and utilizing shielding tools that harden the banks applications. - Maintaining technical documentation. - Identifying new technologies, tools, and approaches to help continually improve the banks security standards and qualities. Experience : What previous experience is required for the role? - Minimum 3 years' experience in an engineering role (AppSec, Software Development, Scripting, Testing etc). - Background in an engineering role and hand on experience in a development environment. - Strong research, analytical and problem solving skills. - Good knowledge of DevOps CI/CD workflows, tools and integration points and experience integrating security into SDLC. - Good knowledge of running systems/applications in an enterprise IT environment, comprised by bare metal, VM's and containers. - Experienced in performing code reviews and writing security tests. - Understanding of security frameworks (BSIMM, ISO etc). - Deep knowledge of best practices in writing secure code (e. g OWASP, NIST etc). - Threat modelling experience against industry standard frameworks. - Previously worked with cloud services - preferably AWS and AWS security services. - Have a view of what 'good' looks like in a cloud native world. - Formal Cyber Security Qualification and/or relevant bachelors degree such (e. g CCSP, CSSLP or CISSP). Desirable : - Knowledge of more than one programming language (e.g Go, Rust, Python). - Previous experience within financial services. - Experience with container technology. - Good project management skills and/or substantial exposure to project-based work structures, project lifecycle models etc. - Familiar with Atlassian products.