
Application Security Engineer

Premium Job From Trainline
Recruiter: Trainline
Listed on: 20th January
Location: London
Salary Notes: Competitive + Benefits
Type: Permanent
Start Date: ASAP

Trainline is an innovative, tech business with a mission to bring together the world's rail, coach and other travel services into one simple experience. We aim to make travel easier and more accessible, encouraging people to make more environmentally sustainable travel choices. We're hugely proud to be the world's leading independent rail and coach travel platform and rank among the highest-rated travel and ticketing apps globally. Today, we offer our customers travel to thousands of destinations in and across 45 countries in Europe and beyond. That's more than £3.2 billion in ticket sales annually, and over 96 million visits to our apps and websites each month. In another major milestone, last summer Trainline listed on the London Stock Exchange and is now part of the FTSE 250.

Our culture is central to our success. We're driven to sustain our phenomenal growth from recent years, and this means we're always working closely and collaboratively to turn our ideas into reality. It's this sense of pace, innovating and improving pretty much everything we do, that makes Trainline so exciting and unique - we truly believe our work has a genuine impact and will change travel for the better.

Technology at Trainline

Over half of our staff are technologists. We're changing the way that people travel through the use of high-quality software and technological innovation.

The application security team works closely with development and operations to build security into applications and support processes. We provide assurance in the application lifecycle in various areas, including design reviews, supporting automated code scanning, performing targeted application vulnerability assessments, and ethical hacking across systems.

We are responsible for the security of all channels which collectively bring in over £3.2 billion in ticket sales every year. That means at peak times over 200 people per minute are booking trains.

Description of the Role

You will join a highly innovative team that ensures the ongoing security of multichannel operations covering ecommerce, mobile and customer services. You will be responsible for driving security improvement from design through delivery and into operations.

As a specialist, you will be expected to take the lead on finding technical solutions - drawing on your previous knowledge, self-learning and formal training. The role is a proactive one, and you will be responsible for helping to implement, maintain and administer security toolsets used in the software development process. Although the primary focus of the role is on application security, the role also requires knowledge of cloud, network and infrastructure security, and you will be expected to approve security-based change requests.

Key Responsibilities

  • Ensuring ongoing security of multichannel operations covering ecommerce, mobile, and customer relations
  • Helping to embed security in the development and operational lifecycle, and showing continued security value by presenting risk from the customer and business perspective
  • Ensuring teams have what they need to deliver secure code and applications including the skills, tools and training
  • Static and dynamic security testing including code scanning, hands-on targeted assessments and ethical hacking
  • Ownership of security toolsets for the discovery and investigation of potential vulnerabilities and activity monitoring
  • Reviewing and advising on application architecture and designs
  • Networking with industry peers on general and targeted threat intelligence
  • Acting as security evangelist and 'mentor' to the business and development teams
  • Identifying and pursuing opportunities for continuous improvement
  • Helping to maintain PCI DSS compliance

Knowledge & Experience

Essential

  • Excellent skills in penetration testing of web applications
  • Experience working with external pen testers and/or acting as a primary contact for their testing
  • Solid and demonstrable comprehension of cyber and information security including secure coding, security in the SDLC, hacking techniques and the evolving threat landscape 
  • Experience or working knowledge of a variety of SAST and DAST security tools
  • Experience with web application firewalls and Akamai
  • Working knowledge of infrastructure security scanning software
  • Working knowledge of secure development practices such as OWASP and BSIMM
  • Technical mind-set with an aptitude for analysis and investigation
  • Keeps up to date with industry trends, new threats and changes in the security landscape 
  • Able to analyse technical data to decipher, prioritise and act upon findings
  • Knowledge of software security standards such as the BSIMM
  • Knowledge of current information security standards and regulations such as PCI DSS, ISO27000 series, and GDPR

Skills/Abilities 

  • Excellent oral and written communication skills
  • Self-starter who is able to work on their own and seek out new areas for investigation
  • Ability to discuss technical principles and issues to both technical and non-technical business teams
  • Deliver on time and work on own initiative to ensure tasks are completed
  • Dependable yet flexible with the ability to carry out scheduled activities
  • Strong people and engagement skills
  • Enthusiastic and shows a willingness to learn new skills and take on new work
  • Strong analytical, organisational, multitasking and prioritisation skills 
  • Ability to work effectively with all levels of the organisation 

We value open expression at Trainline. We believe it's the diversity of experience, backgrounds and perspectives of our employees that makes us who we are. We encourage everybody to play a part in changing the way people travel across the world.

Contact Name: Trainline
Reference: TJ/9087/40b5
Job ID: 2784800


