Excellent opportunity for a Application Security Engineer based in Belfast.
Title: Application Security Engineer
Think Technology- Think Allstate
We build solutions that touch 16 million customers on a daily basis.
You will work alongside people as passionate as you, focused on delivering the best possible user experiences.
You will work in a highly collaborative environment primed to adapt to an ever-changing landscape and which places technology solutions at its core.
You will thrive, you will think differently, you will challenge convention and have the freedom to act with integrity, intention and speed; you will be at the forefront of developing capabilities in support of Allstate’s global business model; you will deliver results and you will leave things better than you found them.
Location – Belfast
The Application Security Engineer will be responsible for integrating security into the development of Allstate’s applications. The Application Security Engineer will work closely with the Consumer Technology product and software development teams to threat model, vulnerability scan, and pen test the early software, system, and network architecture and identify required control points in the application stack. The Application Security Engineer will also work closely with developers to diagnose, document, and remediate application security vulnerabilities. The Application Security Engineer will also be responsible for evaluating, recommending, and implementing application security related software in an automated continuous integration/deployment environment.
Responsibilities include (but aren’t limited to):
- Work closely with application development and platform teams to help formulate and implement a strategy for software security that is tailored to the specific risks facing the organization, including threat modeling and applications security advisement services.
- Develop and maintain a balanced application security program based on a well-defined application security framework
- Conduct application security assessments / penetration tests and implement tools for dynamic/automated code reviews.
- Ensure application design and implementation best-practice with role-based and appropriate access standards, as well as integration with Identity and Access Management environments.
- Ensure compliance with society, regulatory, and industry standards for application security.
- Continuously evaluate the organization’s existing application security practices, define and measure security-related activities, and demonstrating concrete improvements to the application assurance program within the organization.
- Provide secure application development training to developers and provide guidance on the development of web-based training for ongoing awareness.
- Conduct code reviews and penetration testing
- Develop and maintain unit and integration tests designed to ensure security controls are tested on every build.
- Must be an EU citizen or possess a current UK Tier 1 Visa or Tier 2 visa and eligible to take up full time, permanent employment. EU candidates must also demonstrate they are eligible to take up UK employment post-Brexit.
- 5 years’ experience in a software development field such as Software Developer, Architect or Application Security Engineer.
- Highly proficient in at least one of the following development languages: Java, .NET, Node.js, or Pytho
- Possess a strong understanding of application architectural patterns, such as MVC, Microservices, Event-driven etc.
- Possess strong business acumen with ability to work with application development, QA and security teams.
- Creative, organized, responsive, and highly thorough problem solver
- Knowledge of the OWASP Top 10
- Strong self-starter who has the ability to operate independently.
- Has solid understanding and experience with establishing software development policies across an organization.
- Excellent oral/written presentation skills with ability to communicate effectively with senior executive leadership; proficiency in preparation of presentations, analytical reports, and documents regarding program operational status, achievement and performance.
- Understanding and Passion for Agile/XP/Scrum/Kanban
- Understanding of Test Driven Development built on User Stories
- Understanding of Continuous Integration/Testing/Delivery
- Familiarity with Metasploit, Burp Suite, Fuzzing, Gaunlt, and Jenkins is preferred
- Familiarity with code reviews and penetration testing preferred.
- College degree with advanced degree preferred.
- OSCP, OSCE, or OSWE Certifications are a major plus.
To apply for this role please click on the APPLY NOW button below to be directed to the company website.
Closing Date: Friday 18th October 2019
Statement on Fair Employment and Equal Opportunities:
Allstate NI wishes to ensure equal opportunity is given to all job applicants. This company will not discriminate on the grounds of race, gender (including gender reassignment status), sexual orientation, religious belief, political opinion, marital status, age or disability.
We are an equal opportunities employer. We welcome applications from all suitably qualified persons. However, as women are currently under-represented in our workforce, we would particularly welcome applications from women. All appointments will be made on merit.
Applicants should note Allstate NI complete AccessNI background checks on all candidates offered a position.