Application Information Security Specialist - Surrey, London

This job has now expired please search on the home page to find live IT Jobs.

Application Information Security Specialist - Richmond, SurreyMy client are a world leading events business, based in Surrey. Rated as one of the world's most innovative companies with over 7,000 technologies, they offer solid opportunities for progression and learning.Their highly motivated and enthusiastic cross functional team builds a market place connecting exhibitors and buyers to support our global events business. They are looking for an Application Information Security Specialist to work with ISMs, Product Owners, Technical Leads etc. to validate and ensure the security of their services ecosystem. Key Responsibilities:Ensure suitable secure testing happens through the SDLC, and company security policiesEnsure policies are upheld, relevant security controls and standards are included within the design and security awareness provided to all engineering staffConduct technical risk assessments i.e. vulnerability scanning, penetration testing etc. Handle service requests from the business and tech teamsAnalyse and validate requirements, define access rules, script changes and provide troubleshooting support relating to access issuesLead analysis and review security events for anomalous activityAssesses and measure security programs to ensure closed loop operationsDevelop and implement security programs: manage and execute project deliverables; develop program procedures including guidelines and flow diagrams; and develop tools or metrics that allow for measurement of successful program implementation Skills & Experience:Advanced knowledge of security environments. Experienced in application and information security architecture, risk assessments, vulnerability and penetration testingAbility to conduct technical risk assessments for new applications and third partiesThreat modelling, risk analysis, design and architecture of security principles for applications, APIs, Data and communication protocolsExcellent understanding of NIST cybersecurity framework, SAS70 and/or other standardsDetailed knowledge of application and information security testing tools (static, dynamic and web/api/mobile vulnerability scanning), standards and OWASP guidelines and security testing throughout the product development life cycleExperience of working in a mixed OS, Cloud, SaaS, Web, API and Mobile Application environmentsGood understanding and working knowledge of relevant legal frameworks, licensing, Data Protecting and GDPRExperience of security concerns at the networking layersKnowledge of current and emerging cyber threatsIf you'd be interested to find out more, please apply with a copy of your CV and I'll be in touch.