Connecting to LinkedIn...

AppSec engineer

Job Title: AppSec engineer
Location: Welwyn Garden City
Salary: Not Specified
Reference: WRT-2021-02-19-4E5159AA93C8
Job Published: March 02, 2021 11:54

Job Description

Job Description

The main mission of the AppSec engineers is to help us build secure systems by embedding security in our SDLC. You will achieve this by providing expertise and guidance, working closely with the development teams, central AppSec function, InfoSec team and Security Chapters. We are currently creating a centralised team of AppSec Engineers with different skills sets and levels of experience, providing services to different streams.

As part of the AppSec team you will do the following:

  • Working with development teams to provide them with help and guidance on addressing cybersecurity threats

  • Conducting threat modelling sessions and security code reviews, and training development teams on how to run them

  • Participating in security issue management processes

  • Educating and supporting development teams perform security activities

  • AppSec tooling and integrations like security issue tracking and SAST tools

    As an AppSec engineer you will be involved in supporting teams of software engineers including security practices to their SDLC and maintaining the AppSec tooling integrations.

    The roles and responsibilities performed by the AppSec team are:

  • Working with teams to provide them with help and guidance on addressing cybersecurity threats

  • Conducting threat modelling sessions and training teams on how to run them

  • Participating in security issue management processes

  • Assisting engineering teams with organising penetration testing by dedicated pentest partners

  • Educating and supporting teams perform their security code reviews

  • Oversee in-stream use of vulnerability detection and reporting tools

  • Auditing, providing teams with feedback and guidance about their security activities (threat modelling, code reviews, SDLC practices)

  • Keep updated the SDLC security guidelines

  • Research security best practices in other organisations

  • Keeping abreast of new vulnerabilities and attack vectors, and associated countermeasures

Candidate Description

  • Strong interest in application security

  • Demonstrable programming ability with an in-depth understanding of underpinning techniques

  • Experience in the full Software Development life-cycle from design to deployment

  • Ability to work in a geographically dispersed team

  • Strong communication skills and ability to influence engineering behaviours

  • Interest in continuous learning

    Nice to have but do not feel hesitant to apply if you don't.

  • Experience as an Application Security Engineer

  • Knowledge of backend and frontend web application vulnerabilities

  • Knowledge of cloud environments

Employer Description

Ocado Technology is putting the world's retailers online using advanced artificial intelligence, robotics, big data, the cloud and IoT. We develop the innovative software and hardware systems that power, as well as the unique 'Ocado Smart Platform' which is being implemented by ambitious retailers across the world from Europe to America, Asia and beyond. With everything from websites to highly automated warehouses that we design in-house, our employees are skilled specialists with expertise across a wide range of technologies, working on cutting-edge innovations that are shaping the future of our society.

We are a fast- growing company: today we have colleagues in 7 development centre across the UK and Europe, with offices open in London, Hatfield, Welwyn Garden City (UK), Krakow, Wroclaw (Poland), Sofia (Bulgaria) and Barcelona (Spain), with a satellite office in Stockholm (Sweden).

We champion a value-led culture to get our teams working at their very best and to help create a collaborative working environment with inspiring projects that our people love. Core values of Trust, Autonomy, Craftsmanship, Collaboration and Learn Fast help drive our innovative culture. But don't just take our word for it, have a look at what our people are saying about us on Glassdoor., Thank you for your assistance. What best describes your gender? Male Female Non-binary Prefer not to say Prefer to self identify Is your gender identity the same as the sex you were assigned at birth? Yes - my gender identity is the same as at birth No - my gender identity has changed Prefer not to say Are you married or in a civil partnership? Yes No Prefer not to say What is your age? 16-24 25-29 30-34 35-39 40-44 45-49 50-54 55-59 60-64 65+ Prefer not to say "What is your ethnicity? Ethnic origin is not about nationality, place of birth or citizenship. It is about the group to which you perceive you belong. Please select the appropriate box" White Black English Welsh Scottish Northern Irish Irish British Hispanic Aboriginal Gypsy or Irish Traveller White and Black Caribbean White and Black African White and Asian Asian/Asian British Indian Pakistani Bangladeshi Chinese Arab Prefer not to say Other Do you consider that you have a disability under the Equality Act or another health condition? Yes, I have a disability Yes, I have a health condition Used to have a disability but have now recovered Used to have a health condition but have now recovered No Don't know Prefer not to say What is the effect or impact of your disability or health condition on your ability to give your best at work? Please write in here What is your sexual orientation? Heterosexual/Straight Gay Man Gay Woman/Lesbian Bi/Bisexual Prefer not to say Other What is your religion or belief? No religion or belief Buddhist Hindu Jewish Muslim Sikh Catholic Christian Prefer not to say