We are looking for an Application Security specialist to join a technology security team within a public sector organisation, supporting the security posture of mission-critical applications.
What you'll do:
- Conduct threat modelling and establish threat profiles for application projects to identify and remediate security risks
- Perform application security assessments using SAST tools such as Fortify-on-Demand and SonarQube
- Integrate automated security testing into CI/CD pipelines in collaboration with development and DevOps teams
- Track, manage and drive timely remediation of identified security vulnerabilities
- Deliver security awareness training to internal stakeholders
- Engage with diverse stakeholders across technical and non-technical functions
What we're looking for:
- At least 3 years of combined experience across software development, application security, and cloud (AWS preferred)
- Familiarity with API architectures (REST, SOAP) and protocols (SSL/TLS)
- Strong grounding in security frameworks and standards, including OWASP Top 10 and ASVS
- Hands-on experience with DevOps tooling (GitLab, GitHub, Ansible) and CI/CD workflows
- Experience working in or with Government Commercial Cloud (GCC) environments is an advantage
- Relevant certifications a plus: CISSP, OSCP, AWS Security, AWS DevOps Engineer, or equivalent
