Application Security Specialist

  • Date Posted: 22 Mar 2019

Description:

 Employment Opportunity

TRAYPORT

Trayport is a leading provider of energy trading solutions. We develop, deploy and support quality, resilient software for trading in multiple asset classes in cleared and OTC markets. Trayport’s software is used by the world’s largest trading companies in high profile markets that include derivative and cash instruments.

We are a rapidly growing business, achieving consistent profitability and year on year growth. We have appeared in the Deloitte Technology Fast 50, Forbes and topped the Sunday Times Tech Track league of companies. We pride ourselves on being a leader in our field, building the best trading systems to support our clients' needs throughout the world.

Responsibilities

  • Conduct security architecture design reviews with development teams as a subject matter expert to ensure that appropriate security controls are implemented and that a secure-by-design approach is maintained in the SDLC.
  • Conduct application security assessments and penetration tests (client applications, web applications, web service, API, etc.) to verify security posture of systems.
  • Conduct assessments based on the context of applications using manual/automated testing and analysis techniques. Keep up to date with the latest techniques / toolsets to perform coverage-based application security testing.
  • Document identified findings using the established severity rating framework, and provide recommendations for potential short-term mitigation and long-term remediation options to stakeholders.
  • Communicate issues to stakeholders across the business to manage security posture of applications according to Trayport C.I.A goals.
  • Assist with application security related initiatives, such as continuous improvement of Trayport security posture by improving the SDLC, standardisation of secure implementations that can be leveraged across application suite etc.
  • Review the current threat landscape by monitoring the latest developments in the security industry and vulnerability notifications from threat intelligence sources or CVE advisories, according to their impact on the Trayport infrastructure/application suite.
  • Assist Trayport’s Operational Security and provide support for the team on key security initiatives (e.g. annual phishing awareness tests, SIEM improvements, general security domain activities).

Skills and Experience

Technical Skills

  • Hands-on experience with the development lifecycle.
  • Experience with working on projects involving financial/trading applications that are internet facing.
  • Knowledge of OWASP Top Ten/SANS 25 issues and understanding the best practice software engineering approaches to prevent issues.
  • Experience working with C#, .NET, .NET Core, C++ applications.
  • Understanding of the latest vulnerability classes, awareness of the techniques observed in the wild to compromise systems, ability to simulate for testing exercises across infrastructure/systems.
  • Ability to write tools to assist with application security testing coverage, experience with rapid instrumentation tools such as Frida or leveraging in-house development code – desirable/useful.

Soft Skills

  • Honesty and integrity.
  • Solid verbal communication and written skills.
  • Willingness to do hands-on, highly technical work.
  • Desire to learn new things, perform research where required to identify risk based on Trayport initiatives.

Desirable Certifications

  • OSEE, OSCE, OSWE, GXPN, GWAPT, OSCP, GPEN or equivalent.

Benefits:

  • 25 days Holiday
  • Flexible working
  • Health and Well Being Allowance
  • Annual Weekend Away
  • Cycle to work scheme
  • Staff Kitchen with free daily breakfast
  • Weekly Exercise Clubs
  • Hackathons and Tech Meetups
  • Heart of the city location
  • Excellent Bonus Scheme
  • Highly competitive pension scheme
  • Return to work bonus
  • Enhanced Maternity & Paternity Scheme
  • Healthcare & travel insurance, life assurance
  • Referral bonus
  • Give as you earn scheme