Proposed Salary Depend
Career Level Staff
Experience 3 Years
Industry Information Technology
Qualifications Bachelor's Degree
Belfast / Derry / Londonderry / Strabane
Your role in the team
Allstate is embarking on a journey to integrate security inside the software development lifecycle.
Application Security is tasked with developing a security framework within the Allstate SDLC, establish a software security assurance process, and work with product delivery teams to build applications securely from start to finish.
The Application Security Engineer team assist in integrating security into the development of Allstate’s applications. As an Application Security Engineer, you will work closely with the product and software development team to threat model, vulnerability scan, and pen test the early software, system, and network architecture and identify required control points in the application stack. The Application Security Engineer will also work closely with other developers to diagnose, document, and remediate application security vulnerabilities.
Responsibilities include (but aren’t limited to):
- Work closely with application development and platform teams to implement software security that is tailored to the specific risks facing the organization, including threat modeling and applications security advisement services.
- Conduct application security assessments / penetration tests and implement tools for dynamic/automated code reviews
- Provide secure application development training to developers and provide guidance on the development of web-based training for ongoing awareness.
- Conduct code reviews and penetration testing
- Develop and maintain unit and integration tests designed to ensure security controls are tested on every build
So, what are the essential criteria to apply?
- Minimum of 2 years’ experience in a hands-on technical role within the Software Development Lifecyle such as an Application Security Engineer, Application Developer, Architect or Software Quality Assurance / Testing
- Experience with at least one program language such as Java, .NET, Node.js, Go.
- Have a hacker / pen tester mindset or an interest in security
- Knowledge of DevOps or DevSecOps
- Understanding of Agile/XP/Scrum/Kanban
- Understanding of Continuous Integration/Testing/Delivery
- Must be a UK/RoI/EU citizen or possess a current UK visa and eligible to take up full time, permanent employment. EU candidates must also demonstrate they are eligible to take up UK employment post-Brexit
We also have some desirable criteria
- Organized, responsive and highly thorough problem solver
- Thorough knowledge of the OWASP Top 10
- Practical understanding and use of commercial application security tools
- Self-starter who has the ability to operate independently.
- Oral/written presentation skills with ability to communicate development teams
- Familiarity with Metasploit, Burp Suite, Fuzzing, Gauntlet, and Jenkins is preferred
- College degree with advanced degree preferred.
What we offer
As Digital DNA’s Workplace of the Year 2020 winners, we offer a generous benefits package that includes flexible annual leave entitlement, dental and healthcare insurance, an attractive pension package and discounts on gym memberships, public transport and parking.
Allstate invests heavily in your development, as an employee you will have access to multiple world-class learning platforms and courses from our award-winning in-house Learning & Development team.
We pride ourselves in providing clear career paths and opportunities for internal mobility allowing you to further develop within the organisation.
We encourage a better work life balance and you’ll have the opportunity to apply for various flexible working arrangements.
Closing Date: Friday 23rd October 2020