Application Security Lead

Application Security Lead — Group Operations & Tech

AND Digital is a fast-growing tech consultancy.

Our Business

We believe in empowering people with the knowledge they need to unlock the full potential of technology. We’ve grown rapidly through the skill and commitment of our team, but we’re not slowing down and we’re certainly not stopping. Our work delivering for clients and building a remarkable workplace culture has been widely recognised across the industry.

We are on a remarkable journey: global expansion alongside significant growth in scale means that all of our team have the opportunity to make an impact.

Our Clubs

AND Digital is organised in a unique and special way. Our fee earners form part of a small, tight-knit team called a Squad. Six of those Squads, plus a small management team and a team of specialist technical leads, make what we call a Club. Our Clubs have their own physical space and Client Portfolio, with the benefit of a strong and unique company-wide culture. The Club model has been carefully designed to achieve the best of both worlds: the attentiveness and empowerment of a small nimble company AND the clout and growth of a larger organisation.

Bringing it together

Our Clubs are supported by a range of teams helping empower and support our leaders, people and clients, from marketing, recruitment, onboarding and academy to IT, commercial finance and legal. Whilst some services are provided regionally, legal, IT and commercial finance operations are managed globally from the UK in our Group business unit. Our Global Operations & Tech (GO&T) team, in which the AppSec role resides, is scaling up for the future and providing business-critical risk management and operational services to our business.

You will provide the lead on Application Security approaches

You will be responsible for developing, supporting and growing the Security Champions programme and supporting Application Security initiatives in our rapidly growing business. Along the way you will be responsible for assessing its success, improving it and working with Group teams and specialist suppliers to stay ahead of the threats. You will also work with the Global Operations team to support the ‘Standards’ programme, which aims to increase the Security and Quality standards across AND Digital.

You get our unique culture

All of our teams promote and protect the brand, culture and values that make us so remarkable. People are at the heart of our business, and are actively engaged in shaping the business, with employee representation on our board, a fully inclusive share ownership scheme and our unique organisation structure designed to deliver a real human touch in this tech world.

As a result, we are regularly recognised for excellence – including the UK’s top 25 Best Large Companies to work for, Technology’s Top 10 Best Companies to work in 2021 and more recently being placed 2nd in the Glassdoor Best Places to work in the UK 2022.

You’re part of our Digital world

We’re a Tech Company. You’ll be working with technical delivery teams. We might not expect you to code in this role – but you will need to have a strong background in application delivery from a technical perspective. Being from this world and passionate about digital will help you to be successful. You will want to do things in the new way,

How we work

Our business is becoming global, but many of the people you will work with for now will be in the UK, with some growth in the Netherlands and USA. The approaches you support will be adopted all over the world as we grow, so the role may require occasional travel to support teams from across the business.

We are looking for someone who is professional, has a can-do attitude, is good with detail and tech, and is able to see the big picture. This person will be proactive, get involved and support the development of AppSec quality and risk management processes.

Role Outline

  • As the AppSec Lead, you will play a critical role in helping us build a secure culture and embed secure engineering practices.
  • You will support and develop a thriving community of Security Champions across the business.
  • You will gather and summarise progress being made on Security Champion matters.
  • You will lead the development and implementation of our Application Security Strategies, programs and roadmaps, ensuring they align with our risk appetite and industry standards.
  • You will also be responsible for implementing “Secure by Design” processes and key initiatives around secure software delivery, and developing security controls and architecture principles.
  • When needed, you will work closely with the development and engineering teams, supporting them on security matters within the SDLC process.
  • You will act as the point of contact in the business for all Application Security queries and as the security advocate for the other Group IT and Security functions.
  • You will collect, review and share relevant information security news and CVEs with the Security Champions network, making them aware of high-risk vulnerabilities and ensuring appropriate projects are validated.
  • As the SME of Application Security within the business, you will work across a variety of different teams to provide guidance and support on all things AppSec (including internal teams).

Skills / Experience

  • 5 to 7+ years' experience working as an AppSec professional with a passion for technology and a drive to make a real impact.
  • Experience with threat modelling, including running threat workshops and training others in effective threat modelling practices.
  • You will have a strong understanding of secure software development principles and a proven track record in leading the implementation of AppSec programs.
  • You will be an excellent communicator, able to deliver technical training, build strong relationships with a wide range of stakeholders, and be able to balance technical expertise with business acumen.
  • You will ideally have experience of standards certification to ISO-27001, ISO-22301, Cyber Essentials Plus, NIST, OWASP ASVS, OWASP Top 10 and other relevant security standards.
  • Experience in software development and related technologies surrounding the software development lifecycle, including CI systems, SAST, DAST and SCA systems, would be beneficial.
  • Certification in (or working towards) one or more of the following is highly desired: CSSLP, CISSP, CISM, GISO, GCIH, CompTIA Security+.
  • You will demonstrate a passion for learning more in the security domain.

AND the best of the rest

After going through our ANDuction, you will be ready to enjoy the many benefits of being an ANDi!

  • Competitive package, with share/equity participation early on
  • Flexible benefits and a great mix of office and home working
  • Join a growing, professional and driven team that is closely knit and supportive
  • Make a huge impact in creating a unique company
  • Training time every year to learn, develop and grow
  • Part of a team focused on Global Growth
  • Be valued and learn lots

About the company

We’re looking for bright, digitally minded people to join us.

We are a passionate group of technologists who live and breathe everything digital. We have our ears to the ground for new tech and are the first to experiment and try something different. We are looking for individuals ready to come together to push boundaries and create the future of digital with our clients.
