Application Security Engineer

An exciting opportunity has arisen for an Application Security Engineer to join our growing Cyber Security function.

You will be responsible for working closely with our product and development teams across Admiral Money. You will be a critical part of improving our development processes and embedding a Secure by Design and DevSecOps culture. This will require identifying security requirements and risks in our development activities, supporting delivery of those improvements, and helping to provide assurance back to the business. You will continue to support our “shift left” ensuring we manage risk and embed security earlier into our agile development lifecycle and drive forward improvements to our CI/CD pipeline. You will be an organised, enthusiastic self-starter, a problem solver and to top it off a great communicator, able to liaise and directly manage any third parties that might be involved in the delivery of our security services to the business.

About Admiral Money

Admiral Money is an exciting, new division of Admiral Group. We have the freedom and innovation of a small start up with the security of a large parent company, Admiral.

The journey started when we launched unsecured personal loans in June 2017. We went on to be the first direct to consumer car finance provider in December 2017. Since then, we have gone from strength to strength and have some exciting plans for the future.

We’re looking for people who are keen to learn, excited about getting stuck in and are ready for a challenge to help us to achieve our aim of creating a special lending business for our customers.

Responsibilities 

The role involves working as part of an agile cyber security team within a growing and fast-moving business. Responsibilities will include:

• Working with other tech teams to promote a robust security posture across development and operational processes - ensuring that security is an integral part of the software development lifecycle.
• Conducting assessments of application architecture to identify and address security vulnerabilities.
• Analysing code to identify and remediate security weaknesses.
• Overseeing regular security testing on applications and systems.
• Collaborating with the development, platform, and product teams to create threat models, identifying potential security threats, and implementing countermeasures.
• Assisting with the development of training and awareness programmes to enhance the understanding of secure coding and deployment practices across the organization.
• Implementing, managing, and monitoring of security tools within development and deployment processes to automate security testing and drive efficiency.
• Continuously monitoring and evaluating emerging threats and security trends and proposing and implementing improvements to security measures.
• Creating and maintaining documentation and metrics relating to application security including reports, runbooks, dashboards and KRIs.

Core Requirements

• Act as a subject matter expert for our development teams and other stakeholders, providing advice and guidance on security best practices.
• Proficiency in multiple programming languages.
• In-depth understanding of secure by design development practices.
• Experience with vulnerability assessment, pen testing, and vulnerability remediation within the domain of application security.
• Familiarity with threat modelling and risk assessment methodologies.
• Understanding of common attack vectors and mitigation strategies.
• Familiarity with secure software development life cycle strategies including CI/CD pipelines.
• Effective communication skills and the ability to work as part of a team to drive security and promote ‘shift-left’ within a multi-team environment.
• Experience with security testing tools such as SAST, DAST and IAST.
• Familiarity with agile development methodologies and frameworks.

Desirable Requirements

• Industry certifications such as CISSP, CSSLP, CSSM etc.
• Degree in a related security or software development field.
• Familiarity with node.js and Go languages.
• Knowledge of cloud security and containerised technologies including Kubernetes.
• Knowledge of regulatory requirements specific to financial technology companies.
• Familiarity of security compliance standards such as ISO, OWASP, MSDL and NIST.
• Experience with PowerBI and/or other data-visualisation platforms.

Salary, Benefits and Work-Life Balance

At Admiral, we are proud to be a diverse business where we put our people and customers first. We have great benefits to ensure employees have a great work-life balance; it's one of the reasons we’re consistently voted one of the Sunday Times Best Big Companies to Work For in the UK.

All colleagues will receive 33 days holiday (including banks holidays) when they join us, and this will increase with length of service, up to a maximum of 38 days (including banks holidays). You also have the option to buy or sell up to five days of annual leave in addition to your allocation.

You can also view some of our other key benefits here

Our Commitment to You

At Admiral, we are committed to being a diverse and inclusive workplace. Admiral is proud to be an equal opportunities employer and does not discriminate on the basis of race, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), national origin, gender, gender identity, sexual orientation, disability, age, or any other legally protected status.

All qualified applicants will receive equal consideration.

#LI-LCC1 #LI-Money