Application Security Engineer

The Opportunity

In your role as Application Security Engineer, you will be joining the Application Security (AppSec) team within our Information Security department. This is a highly collaborative role, engaging and working with other teams (e.g., other Security Disciplines, Engineering and Cloud Operations, etc.) across our business. As part of this dynamic role, you will be covering all aspects of Application Security with great opportunities for skill development and professional growth.

You will help us achieve our goals and deliver success on behalf of our customers by:

• Contributing as well as guiding other AppSec team members to help enhance the security of our internally developed software products
• Ownership of security related investigations and research into vulnerabilities and other security issues, providing the appropriate recommendations to the relevant teams to mitigate and resolve the issue
• Significantly contribute to our continuous product and application security reviews
• Lead internal penetration tests against our products and services

This role can be based remotely across the UK, however living within commutable distance to our Cambridge office is a definite plus! If you’re based remotely, you will ideally be happy to travel to our Cambridge office several times throughout the year.

Day to Day

• Ownership of security tools and solutions like Software Composition Analysis (SCA), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and other security testing automation tools, and their configurations, effectiveness, utilization, and integration into the secure SDLC
• Provide significant contribution towards our vulnerability programme, primarily reviewing and researching identified vulnerabilities
• Regularly engage with the security community for public-facing security issues, as well as to learn new tactics that can be used in testing
• Integrating security practices into the software development lifecycle to ensure security is considered at every stage of development
• Mentoring and educating other members on the team

About you

Must haves:

• Understanding of secure coding principles and best practices to prevent vulnerabilities in software development
• Strong knowledge of vulnerabilities, especially web application vulnerabilities, and techniques to mitigate them
• Proficiency in using and maintaining security testing tools such as static analysis, dynamic analysis, and interactive application security testing (SAST, DAST, IAST)
• Ability to identify, prioritize, and remediate security vulnerabilities in applications
• A commitment to ongoing learning and staying updated on the latest security trends, tools, and techniques
• Strong collaborative and teamwork skills, working with other teams
• Experience in mentoring and educating other team members
• Effective communication to work collaboratively with development teams, management, and stakeholders on security-related issues
• Experience in performing penetration testing to identify weaknesses in applications, writing penetration testing reports, and collaborating with development teams to remediate findings

Great to haves:

• Knowledge and experience in securing cloud-based infrastructure (especially Kubernetes)
• Knowledge of securing the CI/CD pipeline to ensure the safety of code deployments
• Knowledge of encryption algorithms, cryptographic protocols, and their proper implementation
• Ability to assess and prioritize potential threats to an application, considering its architecture and data flow (threat modeling)
• Knowledge of industry-specific security regulations and compliance requirements (e.g. PCI-DSS, SOC Type 2, etc.)
• Previous software development (i.e., coding) experience

Equal Opportunities

Here at Featurespace we are committed to being a place of equality, inclusion and respect to provide a safe environment for you to bring your authentic self to work. We know that we gain as much strength from our differences as we do our similarities. We value diversity and are dedicated to listening and learning from each other to build and maintain a positive and productive culture. We appreciate this will be an ever-evolving focus for the business to ensure everyone feels supported and has a sense of belonging.