Senior Application Security Analyst
We are looking for a Senior Application Security Specialist to join our Application Security Team within the CISO department as part of the Security Consultancy & Design team. You will enjoy working in a technical and creative environment helping lots of different technical teams find the right approach to application security, helping to turn secure application development into business as usual.
The main focus of this role is to support our security specialists and managers as an SME for Application Security and work towards the delivery of both technical and non-technical change initiatives led both by the business and internally within CISO; the role will involve engagement with partners from across all areas of the Aviva business and its suppliers globally.
Duties & Responsibilities
You will undertake application end-to-end security testing and security reviews of business-critical applications and infrastructure
You will get to understand the architecture of applications including identifying appropriate security controls where applicable
You will need to be experienced in performing security tests across applications in an agile environment, on a varied technology stack including 3rd party libraries and mobile applications (Android, iOS), web services (REST, SOAP), thick client and thin client applications
You will develop and maintain secure coding and testing standards and guidelines using your strong knowledge of application security vulnerabilities (OWASP Top 10, SANS Top 25)
You will work with the development and testing community, providing SME advice to understand and remediate coding vulnerabilities of applications implemented in various programming languages
You will support the development teams in identifying false positives in code scanning reports and maintaining our SAST tool rulesets
You will also develop tools to automate certain application security tasks
Skills & Experience required
You require experience in the use of penetration testing tools (Metasploit, Burp Suite, Nessus, etc.) and one or more of the development technologies including Microsoft .NET, Java, J2EE, Python, Apple iOS or Android
You will hold a professional qualification in Information Security (CISSP, CISM or similar) and a professional qualification in Penetration Testing (e.g. CEH/GIAC GPEN/GWAPT or OSCP)
You will have in-depth knowledge of information security governance processes and practices, including ISMS monitoring and control frameworks such as ISO, ISF and COBIT, their relationships to other frameworks and their application within a financial services environment or other highly regulated industry
You will have a deep understanding of the Secure Development Lifecycle and how it works in an agile environment and a good understanding of security architecture principles and processes
You will be able to evaluate functional and technical specifications early within the software development life cycle and identify possible threats or areas of weakness based on the documentation
A good knowledge of IT Operations procedures and standard methodologies and deep understanding of application threats is also required for this role
What will you get for this role?
- Competitive salary depending on skills, experience and qualifications
- Generous defined contribution pension scheme
- Annual performance related bonus and pay review
- Minimum holiday allowance of 25 days plus bank holidays and the option to buy/sell up to 5 additional days
- Up to 30% discount for some Aviva products through “My Aviva Extras” plus discounts for Friends and Family
- Excellent range of flexible benefits to include a matching share save scheme
Bring to Aviva what makes you different and we’ll support you to do the best work of your life. We encourage applications from everyone who wants to help us achieve our purpose of helping our customers to Defy Uncertainty.
One of Aviva’s core values is Care More, and this is brought to life through the flexible ways we like to work. This may include working from home some of the time, or flexible work schedules to accommodate parent and carer responsibilities, further studies and hobbies.
As a disability confident employer, we guarantee to interview anyone with a disability (as defined in the Equality Act 2010) whose application meets the minimum criteria for the post. (By ‘minimum criteria’ we mean that you must provide us with evidence which demonstrates that you generally meet the level of competence required, as well as meeting any of the qualifications, skills or experience defined as essential.)
Please apply through the website and then notify us that you meet the conditions for the guaranteed interview scheme.
We prefer all applications to be submitted online; however, if you require an alternative method of applying, please contact Ali Aurakzai in the Resourcing team at Ali.Aurakzai@Aviva.com