Application Security Engineer

  • Full-time
  • Business Areas: Technology Services
  • Location: Manchester
  • Department: Enterprise Architecture

Job Description

We are recruiting an Application Security Engineer to enhance the security of the software we develop in house, reduce technical debt, and ensure the third-party solutions we use are implemented securely.

As an Application Security Engineer, you will be the expert in the security tooling within our CI/CD pipelines.  You will join the Enterprise Architecture team, working with architects, Information Security, and agile development teams to make code and process changes that continuously improve the security of our software.   

What does the job involve?

  • Working with agile development teams to embed security tooling (static analysis, SCA and container scanning) into our CI/CD pipelines.
  • Working with Information Security and Architects to define security standards.
  • Perform application security testing to identify new vulnerabilities.
  • Prioritising the resolution of security vulnerabilities across all agile development teams.
  • Develop and implement fixes collaboratively with agile development teams.
  • Perform design reviews and threat modelling.
  • Carrying out internal security reviews both solutions we develop in house and third-party solutions.
  • Train, advise and mentor agile development teams to improve security awareness and practices.

Technical skills

Essential:

  • Using and embedding security tooling (static analysis, SCA and container scanning) within CI/CD pipelines.
  • Developing services and APIs with C#, .NET core, MongoDB and/or SQL with techniques such as domain-driven design and MVC.
  • Web development with Angular/React/VueJs.
  • Performing security testing.
  • Secure development practices.
  • Using a git-based source control system.

Desirable:

  • PHP MVC (Zend or Laravel or Symfony)
  • Docker and container orchestration tools
  • Event-driven Microservices
  • Developing and securing solutions on AWS 

Competence, knowledge, and skills

Essential:

  • Experience working in an Agile and DevOps environment
  • Excellent communication and documentation skills
  • Planning, organisation, and time management skills
  • Strong analytical and problem-solving skills

Desirable:

  • Educated to degree level
  • Professional security qualifications
  • AWS Certified Security – Specialty (or other AWS qualifications)
  • Previous experience working in an e-commerce and/or financial services business

About us:

AJ Bell is one of the fastest-growing investment platform businesses in the UK, with over 418,000 customers using our award-winning platform propositions to manage assets totaling more than £74.1 billion. Having listed on the Main Market of the London Stock Exchange in December 2018, AJ Bell is now a FTSE 250 company.

Headquartered in Manchester with an office in central London, we now have 900 employees and have been named one of the Sunday Times ‘100 Best Companies to Work For’ for three consecutive years.

Benefits:

  • Regular remote working
  • Discretionary bonus scheme
  • Buy as you earn share scheme
  • Contributory pension
  • Pay-day drinks on our 7th floor roof terrace
  • 24 days holiday increasing to 30 with length of service
  • Holiday buy scheme
  • Enhanced maternity and paternity
  • Death in service cover
  • Confidential 24/7 365 employee assistance helpline
  • Free onsite gym and trainer led classes (yoga, Pilates, boxercise, circuits)
  • Paid volunteering days
  • Bike loan scheme
  • Season ticket loan portal
  • Plus, much more

This role is available under our hybrid working scheme. Ideally we're looking for people who are within commuting distance of one of our offices however for certain roles we can consider UK-based candidates who are further away - ask the recruitment team for more information. Please note, we are unable to provide employment sponsorship to candidates at this time.

Privacy PolicyImprint