Application Security Specialist - Remote, United Kingdom - Companies House

Companies House
Remote, United Kingdom

2 weeks ago

Posted by: Tom O´Connor

beBee Recruiter


Description

Details:


Reference number:


Salary:

- £51,000 - £70,649
  • Base salary is £51,000 - £60,649, with an additional DDaT allowance of £3,350 - £10,000 available. The final salary and allowance awarded will be based on an assessment of your skills and experience as demonstrated at interview.

Job grade:

  • Grade 7
  • DDaT Principal

Contract type:

  • Permanent

Business area:

  • CH
  • Digital Services

Type of role:

  • Digital
  • Information Technology
  • Security

Working pattern:

  • Flexible working, Full-time, Homeworking

Number of jobs available:

  • 1

    Location

    • Remote working (anywhere in the UK)

    About the job

    Job summary:


    Soon, our mission will fundamentally change from one that supports downstream consumers of data about Companies, to one where our Register of Company information is instrumental in combating and prosecuting fraud and other serious economic crimes.

    This change will make our systems a much more attractive target. In anticipation of this, we are upscaling and upskilling our Cyber security capability.


    At Companies House, hybrid working is about achieving an effective balance between working in the office and working from other appropriate locations. Our approach to hybrid working provides opportunities for you to be adaptable in the way you work so that you can achieve a healthy balance between your work and home life. We currently expect those on hybrid contracts to attend their base office a minimum of one day a week but the exact degree of choice you have will depend on your role and your day-to-day work activities and should be agreed through discussions with your line manager.

    Job description:


    You'll identify the right places to leverage controls at all stages and lead in moving to a secure-by-default approach that ensures vulnerabilities are caught as early as possible and either eliminated entirely, or that through other measures such as the implementation of detective controls, the risk of these is managed to levels that senior stakeholders are willing to accept.

    You'll get to lead in the selection of the right tools and controls and be instrumental in their implementation, not only technically but also in an organisational resourcing capacity.


    You will become the leading authority on Application Security within Companies House, serving not only as a highly technical Subject Matter Expert to technical colleagues such as Developers and Architects, but also translating the risks associated with vulnerabilities into terms that stakeholders, who may not have an IT background, can understand and whose importance they can grasp.

    You'll initially be facilitating an OWASP SAMM assessment to determine where our current maturity is against a recognized framework.

    You'll periodically revisit this with re-assessments against the framework to measure our continued progress as the environment and our organizational needs change.


    You'll thrive on the constant stream of developments in Application Security and will be continually updating your skills and knowledge, to address the exciting and rapidly-changing threat landscape.

    You'll work with the Head of Development, Development Leads and dedicated Learning and Development colleagues to help ensure that awareness of secure coding techniques, and comprehension of the importance of the necessary detective and preventive controls, permeates right across Development and related areas.


    As well as directly supporting our in-house Developers yourself, you'll help colleagues in Vendor Management and Procurement, by ensuring that comparable controls are included as a matter of course in contracts and other vendor-related articles, where development is being performed by third party delivery partners.

    Similarly, on a technical level, you'll identify key points within the SDLC and code check-in processes to build in mechanisms to provide suitable independent assurance of the security of code originating within third parties.


    Person specification:


    We're changing as an organization, and we're looking for someone who can help lead us in ensuring that Application Security is one of the things in which, post-change, our organization is class-leading.


    You'll be a self-starter, empowered and able to seek out and strike up the necessary relationships within adjacent Professions and the Senior Risk Owners you ultimately serve.


    Although you will become our authority on all things AppSec, you won't be alone: We'll support you in your training and development required to really excel in the role.


    As part of our broader Cyber Security team, you'll get to interact with lots of other professions and specialisations within Cyber Security, both with ourselves, other BEIS-partner organisations and central government more generally.

    You would also get the unique benefit of being our lead contact with government colleague
