Software Applications Security Specialist / Architect - SDLC

Reqiva Ltd,
Exeter, Devon

Overview

Job Description

An opportunity is available with this leading Technology and Software business, who are looking for a Software Applications Security Specialist / Architect to join their team. You will be a senior, hands-on member of the team, engineering focused and tasked with designing and executing a 'secure by design' approach and practice for the business across the full SDLC. You will need a combination of technical, architecture and communication skills to be successful. The company have a variety of technical stacks, so you need experience across applications, services and systems. You will be working within the software engineering teams and be the expert for infosec, data and IT related teams in this area. You will lead secure software design and monitor with security analysts, driving improvements to software security practices for the business.

Core Responsibilities:

* Design secure software development and delivery systems with objectives like speed, scalability, robustness, zero-trust, automation and supportability at the core.
* Ensure that the application estate is built, deployed/delivered and operated securely, according to industry standards, as well as our own.
* Provide expert software security advice (design, coding, testing, etc.) to the Software Engineering community, to InfoSec, DevOps and other colleagues.
* Do research and regularly consult with colleagues.
* Deliver secure software development training (e.g. OWASP Top10).
* Co-work with Security Analysts and other colleagues on software vulnerabilities and security issues: determine scope, severity and potential impact, recommend next steps, follow through with risk treatment and mitigation.

Experience Required:

* Advanced understanding and demonstrable practical experience with the SDLC (Software Development Lifecycle), e.g. in a Developer, SDET, Senior Tester/QA analyst, Application Architect, Product/API designer or similar role. Minimum 5 years of experience required; coding experience in more than one language from: C/C++/C#, .NET, .NET Core, Java, JavaScript, Node.js, Angular, React, etc.
* Good experience working with (understanding, preventing and remedying) security issues in software architecture and software development, e.g. static and/or dynamic code analysis and tools, software dependency checking, OWASP Top10 testing, application threat modelling, SEI CERT C / J, etc.
* Good experience working in an Agile software development environment, with classic applications as well as microservices, using modern code processing and continuous integration and delivery tools (e.g. GitHub, Jenkins, Bamboo, etc.).
* Good understanding of common information security management standards, frameworks, and laws / regulations: e.g. BSIMM, ISO 27001, GDPR, etc.

This is the chance to join a reputable Technology, cloud business with a great culture and the chance to shape their software security. If you are interested in finding out more, please get in touch.