Penetration Tester (AppSec)
The Organisation
We are an international cyber security consultancy that leads the way in innovation and cyber resilience. Our entire team is owner-managed and works on a linear structure drawing expertise from the military, government, finance and technology industry. Together, we provide support and collaboration to those who protect company assets and sensitive data.
Job Purpose
The application security consultant will be responsible for leading and delivering a world-class application security program to our clients. Leveraging their own experience, industry best practices and our unique methodology, the successful applicant will leave customers confident that their own and third-party development practices are operating in a secure manner.
We are proud to foster a culture characterized by collaboration, attention to detail, transparency and excellence. We are deeply committed to our industry and continuously strive to build a world-class service. This is recognized by our customers and partners and we are proud to continue this philosophy into the future.
Job Responsibilities, Skills and Knowledge, Qualifications and Experience
- Lead engagements from inception to completion, coordinating closely with both internal and external teams.
- Deliver application security consulting services, including threat modelling, providing security requirements and liaising with the testing team to arrange penetration tests.
- Develop and present application security design documents and risk assessment reports.
- Design tailored application security solutions to meet clients’ needs.
- Review identified issues and associated remediation strategies with clients, assisting with implementation.
- Collaborate closely with clients’ development teams to support secure development activities.
- Champion cross-domain collaboration and coordinate security efforts.
- Provide subject matter expertise in Application Security, conduct peer reviews, and offer mentorship.
- Assist with Cloud Infrastructure security pertaining to software development and other relevant domains as necessary.
- Show expertise in industry-wide DevSecOps tooling, from architectural design to implementation and operational services.
- Contribute to business development activities, establishing oneself as an industry leader.
- Support technical sales of application security and related services.
- Identify and propose areas for process improvement and automation, and aid in the implementation of recommended solutions.
- Provide regular updates to the Senior Leadership Team on key activities, metrics, accomplishments, and challenges.
- Participate in educational activities, including attending relevant training and conferences.
- Maintain high standards of quality and expectations.
Qualifications
- A minimum of a UK / US based bachelor’s degree in computer science, maths or a related field.
- Minimum 3 years in an Application Security role.
- Experience in software development.
- Strong understanding of secure software design, development methodologies, and principles.
- Proficiency in programming languages such as Java, JavaScript, C#, Python, or C/C++, along with related application development frameworks.
- Ability to identify and mitigate security vulnerabilities in web and mobile applications, including those listed in the OWASP Top 10 and CWE Top 25.
- Experience with static and dynamic security analysis tools, as well as black-box and white-box testing methodologies.
- Knowledge of tactics, techniques, and procedures used in software security exploitation.
- Experience in application security architecture, design consulting, and risk assessment using industry-leading processes and methodologies.
- Capability to create and execute test plans and provide comprehensive documentation and metrics.
- Knowledge of authentication and authorization protocols such as OpenID, OpenID Connect, OAuth.
- Familiarity with popular cloud platforms and native security features pertaining to application security and DevSecOps.
- Contributions to the security community through research, presentations, public CVEs, bug bounty recognitions, open-source projects, and publications.
- Highly motivated self-starter with a team-oriented mindset, driven to overcome obstacles.
- Excellent communication and executive-level presentation skills.
- Passionate about software and security.
- Trustworthy and honest team player, committed to professional development and supporting colleagues.
For more information about Shift F5 and the opportunities we have to offer, follow us on Twitter @F5_Jobs.
Shift F5 Ltd is acting as an Employment Agency in relation to this vacancy.