Software Security Engineer
Summary
- We are looking for an experienced and passionate Software Security Engineer to join our Infosec team to analyse software designs and implementations from a security perspective and identify and resolve security issues.
- As a Software Security Engineer at our company, you will be responsible for planning, developing, implementing and maintaining the company's software security strategy and DevSecOps practices and integrating security into the development pipeline.
- Ensure security analysis, defences and countermeasures at each phase of the software development lifecycle, to result in robust and reliable software.
Description of the role
Working with the Chief Technical Architect and Infosec Team to:
- Develop the WCG software security strategy.
- Define, implement and maintain the WCG software security policies.
- Evolve the WCG secure SDLC.
Working with Developers, Business Analysts and other trades to:
- Consult and advise on WCG and industry software security best practices.
- Review business requirements documents (BRDs), system design documents (SDDs) and security questionnaires with respect to security requirements and standards.
- Audit code to identify security issues and improve software security practices.
- Identify and evaluate information security risks in developed applications.
- Analyse, assess and evaluate the code and library vulnerability reports.
- Review and respond to penetration tests, advising on and challenging the findings as necessary, and assisting in resolving identified vulnerabilities.
- Liaise with customer security teams in relation to application-related information security audits.
- Challenge the software architects on secure design principles.
- Analyse software implementations and designs to identify and resolve security issues.
- Ensure appropriate security analysis during each part of the software creation cycle.
- Assist the infrastructure team with secure environment design and build.
Requirements of the role
Required technical skills
- Ability to accurately scope software security technology requirements and objectives.
- Knowledge of, or hands-on experience with, security technologies such as: NGFW, VPN, IPS/BDS, vulnerability management, WAF, DDoS mitigation, PKI, key management, IDAM, DLP, UEBA, SIEM, endpoint security, threat intelligence.
- Must have familiarity with DevSecOps practices and integrating security into the development pipeline.
- Excellent understanding of OWASP Top 10 software development principles, covering both attack and defence techniques.
- Good understanding of the Application Security Verification Standard (ASVS) to level 3 recommendations.
- Familiarity with single sign-on solutions.
- In-depth understanding of cryptographic principles such as bulk encryption, asymmetric encryption, hashing, key exchange mechanisms, message authentication schemes and digital signatures.
- Sound understanding of transport layer security technologies and configuration best practices.
- Good understanding of multi-factor authentication methods and how they can be applied to core products and services.
- Proficient in Java development.
Desirable technical skills
- Industry-recognized certifications such as CISSP, CEH, CCSE, CCSP.
- Familiarity with one or more of the following Security Architecture standards: SABSA, TOGAF, NIST, ISO 27002.
Desirable Certifications or equivalent experience:
- Degree in Computer Science or Software Engineering.
- CEH: Certified Ethical Hacker.
- OSCP / CEPT / GPEN / CISSP / CPT.
- A self-motivated achiever who gains satisfaction from providing excellent service with proven experience within a security engineering role.
- Excellent communication skills (accurate verbal and written communication).
- Proactive and highly organised and able to work in a fast-paced environment.
- Able to work on own initiative and as part of a team, under pressure and to deadlines.
- 5 years' previous experience in a similar role.
- Well-developed analytical capabilities.
- Well-developed time management skills and able to be flexible with respect to working hours, according to operational requirements.
White Clarke Group is committed to welcoming people with disabilities with respect to recruitment, employment, training, career development and career progression, and welcomes and encourages applications from people with disabilities. Accommodations are available upon request for candidates taking part in all aspects of the selection process.
- Private medical healthcare on completion of probation period
- Auto enrolment pension scheme
- Childcare voucher scheme
- Cycle to work scheme
- Death in service benefit
- Free onsite parking
- Corporate gym membership options
- Associate car purchasing discounts – available with selected manufacturers
- 23 days holiday per year with the option to buy & sell 3 days
- Additional holiday entitlement increases with length of service
- Employee referral scheme
- Assistance with eye tests
- Professional Association subscriptions fee assistance
- Social Committee – events throughout the year
- Support with professional qualifications