Senior Application Security Specialist

  • Date Posted: 22 Mar 2019

Description:

Employment Opportunity

TRAYPORT

Trayport is a leading provider of energy trading solutions. We develop, deploy and support quality, resilient software for trading in multiple asset classes in cleared and OTC markets. Trayport’s software is used by the world’s largest trading companies in high profile markets that include derivative and cash instruments.

We are a rapidly growing business, achieving consistent profitability and year on year growth. We have appeared in the Deloitte Technology Fast 50, Forbes and topped the Sunday Times Tech Track league of companies. We pride ourselves on being a leader in our field, building the best trading systems to support our clients' needs throughout the world.

Responsibilities

  • Conduct security architecture design reviews with development teams as a subject matter expert to ensure that appropriate security controls are implemented and that a secure-by-design approach is maintained in the SDLC.
  • Conduct application security assessments and penetration tests (client applications, web applications, web service, API, etc.) to verify security posture of systems.
  • Conduct assessments based on context of applications using manual/automated testing and analysis techniques. We expect you to have experience conducting assessments with appropriate toolsets and be versatile based on application context, i.e. leveraging BurpSuite for a web application or custom built fuzzing tools to verify protocol implementations.
  • Document identified findings using the established severity rating framework, and provide stakeholders with recommendations for potential short term mitigation and long term remediation options.
  • Communicate issues to stakeholders across the business to manage security posture of applications according to Trayport C.I.A goals.
  • Lead application security related initiatives, such as continuous improvement of Trayport security posture by improving the SDLC, standardisation of secure implementations that can be leveraged across application suite etc.
  • Review current threat landscape by monitoring the latest developments in the security industry, vulnerability notifications from threat intelligence sources or CVE advisories according to impact to Trayport infrastructure/application suite.
  • Assist Trayport’s Operational Security and provide support for the team on key security initiatives (e.g. annual phishing awareness tests, SIEM improvements, general security domain activities).
  • Provide on-the-job training and mentoring to other members of the Trayport team.

Skills and Experience

Technical Skills

  • Several years of experience performing security assessments of web and/or service based applications, preferably hands-on blue team experience with financial applications that are internet facing.
  • Knowledge of OWASP Top Ten/SANS 25 issues and understanding the best practice software engineering approaches to prevent issues.
  • Experience performing application security testing using manual/automated techniques leveraging internal knowledge sources such as talking to development teams and review of source code to maximise coverage.
  • Experience conducting fuzz testing and an established security assessment methodology.
  • Experience working with C#, .NET, .NET Core, C++ applications.
  • Understanding of the latest vulnerability classes, awareness of the techniques observed in the wild to compromise systems, ability to simulate for testing exercises across infrastructure/systems.
  • Ability to write tools to assist with application security testing coverage, experience with rapid instrumentation tools such as Frida or leveraging in-house development code – desirable/useful.

Soft Skills

  • Honesty and integrity.
  • Solid verbal communication and written skills.
  • Willingness to do hands-on, highly technical work.
  • Desire to learn new things, perform research where required to identify risk based on Trayport initiatives.

Desirable Certifications

  • OSEE, OSCE, OSWE, GXPN, GWAPT, OSCP, GPEN or equivalent.

Benefits:

  • 25 days Holiday
  • Flexible working
  • Health and Well Being Allowance
  • Annual Weekend Away
  • Cycle to work scheme
  • Staff Kitchen with free daily breakfast
  • Weekly Exercise Clubs
  • Hackathons and Tech Meetups
  • Heart of the city location
  • Excellent Bonus Scheme
  • Highly competitive pension scheme
  • Return to work bonus
  • Enhanced Maternity & Paternity Scheme
  • Healthcare & travel insurance, life assurance
  • Referral bonus
  • Give as you earn scheme