We are seeking an experienced Application Security Engineer to enhance our application security processes with a strong emphasis on business engagement. This role requires excellent communication skills to effectively interact with business unit leaders and executives. The ideal candidate will be responsible for static, SCA, and dynamic scanning, collaborating with software engineers, provide flaw mitigation recommendations, and implementing automated security controls throughout the development lifecycle and CI/CD pipelines. Ensure the Software Security Policy and Baseline requirements are met for new agile deliveries and for legacy estate with flaws and issues managed effectively throughout all stages of an applications' life.
Reporting Relationship
Reports to the Manager of Application Security
Key Responsibilities
Collaborate with software engineers and leadership to address security risks and provide mitigation recommendations within the Secure Development Lifecycle (SDLC).
Work closely with development teams to understand their needs and the risk profile for each application and customize solutions to meet the needs of the application
Collaborate on the implementation and management of SAST, SCA, DAST, and other scanning solutions to provide coverage for the application portfolio
Guide development teams through a review of their applications and risks against common application flaws (e.g., OWASP Top 10) and provide prioritized visibility to senior management along with context
Operate as an advocate for Security in interactions with internal and external teams
Work with Risk & Compliance teams on audits (e.g., SOC 2, PCI-DSS, HIPAA) and recommend relevant Application Security policy and procedures
Actively contribute to internal and external/client audits, ensuring compliance with security standards
Lead projects to implement security technologies enterprise-wide
Integrate 3rd party and build custom solutions into our CI/CD pipelines and development cycles.
Define security guardrails through automated tool policies, SLAs, custom rules, and support the developer community
Support the enterprise in managing vulnerabilities through automated tooling and security assessments
Work with Security Champions to build relationships and ensure key activities are supported and deliverables are achieved in a timely manner.
Support education and awareness strategy rollout for Development community.
Support the AppSec technical team in maximizing effective relationship with Business Units
Explore and engage in process improvement initiatives to enhance application security
Position Requirements
Education & Certification
Four-year college diploma or university degree in computer science or computer engineering, and/or 5 years equivalent work experience in application development.
CSSLP certification preferred.
Additional certifications in Application Testing Mechanisms are a plus.
Knowledge & Experience
5+ years direct experience in enterprise-level application security.
Proficiency with SAST, SCA, DAST, IAST, RASP tooling.
Experience in AppSec or DevSecOps.
Experience with CI/CD pipelines and cloud-based architectures.
Proven experience in overseeing the linking of cross-functional applications between disparate business units and systems.
Experience with business and technical requirements analysis, business process modeling/mapping, methodology development, and data mapping.
Strong understanding and background in MITRE, OWASP, SafeCode, risk management methodologies as they relate to integration/software testing.
Good project management skills and/or substantial exposure to project-based work structures, project lifecycle models, etc.
Strong understanding of end-user needs and requirements.
Excellent understanding of the organization’s goals and objectives.
Knowledge of cloud and GenAI security is an advantage.
Personal Attributes
Exceptional oral and interpersonal communication skills.
Additional Information
Why choose us?
Our colleagues’ health and wellbeing are a top priority for us, that’s why our reward, benefits and wellbeing programmes are designed so you can come to work feeling your very best self. Our benefits focus on health, money, and lifestyle so you can tailor your benefits to your own personal needs. Whether it’s your physical and mental wellness, getting to work or preparing for the next big milestone in your life, we have a range of flexible options to have you covered!
To learn more about our culture and what it’s really like to work here, check out our interactive guide here: https://view.pagetiger.com/experianguideforcandidates/1
Could this be the role for you? Apply now to start your journey with Experian.
Experian Careers - Creating a better tomorrow together
Find out what its like to work for Experian by clicking here