Head of Application Security - West Midlands (Region), United Kingdom - Akkodis
Description
Job Title: Head of Application Security
Location: West Midlands
Duration: Permanent
Salary: £75,000 - £90,000
Primary Responsibilities:
- Defining developer secure coding practices and ensuring that developers and QA/test personnel are trained with the appropriate level of security knowledge to perform their daily activities;
- Improving and maintaining secure development standards;
- Managing penetration testing services, including delivering a continuous penetration testing programme and driving remediation;
- Supporting supplier security activities to ensure third-party software development meets company security standards;
- Integrating threat modelling practices into the product/software development lifecycle.
Key Dimensions:
- The role holder must be able to work with and influence developers, suppliers, QA/test, and Project/Programme delivery colleagues across the whole company ecosystem. Strong leadership skills and effective management of highly technical individuals are critical.
- Excellent verbal and written communication skills, including experience speaking to leadership and technical colleagues, and writing technical documents.
Professional Experience:
- Familiarity with waterfall and agile development processes, and experience of integrating secure development practices into both methods.
- Ability to work at senior level and ensure that tactical activity supports the strategic picture.
- Commercial experience from product selection through to vendor relationship and service management.
- Agility of thought and comfort with complexity, together with the patience and resilience to overcome change inertia.
- The will to succeed in support of the business' goals and to align potentially competing agendas to effectively manage cyber security risk within the business risk appetite.
- Familiarity with a variety of development and testing tools (SAST and DAST), for example: Visual Studio, Tenable/Nessus, Git, Azure DevOps Pipelines, SonarQube.
- Ability to explain vulnerabilities and weaknesses described in commonly used frameworks (for example: OWASP Top 10, WASC TCv2, and/or CWE 25) to any audience, and to discuss effective defensive techniques.
- Familiarity with industry standards and regulations, e.g. PCI, ISO27001, NIST, etc.
- Preferred or willing to work towards recognised security-related qualifications (e.g. CISM, CISSP).