Junior Application Security Specialist

  • 28 Oct 2020

Junior Application Security Specialist

Junior Application Security Specialist is responsible for the overall execution of Trayport’s Application Security Testing programme under the guidance of the Senior Application Security Specialist. The role will primarily entail performing ongoing application security testing against our product suite to identify vulnerabilities and help development teams implement appropriate fixes.

Primary Responsibilities

  • Perform ongoing application security testing against Trayport’s product suite under the guidance of the Senior Application Security Specialist.
  • Identify application level security vulnerabilities in our products using modern penetration testing techniques.
  • Articulate identified vulnerabilities in a manner that is understandable to key stakeholders, such as development teams. 
  • Track vulnerabilities according to Trayport’s risk management process and work with development teams to resolve the issues identified.
  • Maintain Key Performance Indicator reports summarising the status of identified security issues.

    Additional responsibilities

  • Build relationships with development teams to ensure smooth execution of the security testing programme.
  • Work with QA teams to automate common security tests into the quality assurance pipeline.
  • Keep up to date with emerging technologies and vulnerabilities
  • Liaise with external penetration testing suppliers at a technical level to ensure smooth delivery of their work.

    Required skills

  • 2 years of hands-on experience performing application penetration tests.
  • Good knowledge of key application security vulnerabilities (OWASP Top 10).
  • Knowledge of key application layer protocols and data formats (HTTP, WebSockets, SQL, JSON, Protobufs)
  • Knowledge of common application development languages and frameworks (C#/ASP.NET preferable, Python useful, C++ useful)
  • Working knowledge of cryptographic protocols (TLS)
  • Basic knowledge of key networking protocols (DNS, TCP, IP)
  • Use of common tools (Burp suite, Fiddler, Chrome/FF dev tools, SQLmap, Wireshark)
  • Good written skills - able to express technical issues in a concise and accurate way.
  • Agile and self-motivated learner
  • Teamwork - able to work with other people in a collaborative manner.
  • Pragmatism - able to identify compromises that meet multiple, sometimes conflicting, stakeholder needs.
Desirable qualifications
  • CREST Registered Tester (or equivalent)
  • CEH

Potential to work towards obtaining a relevant qualification (e.g. CREST Certified Tester-App), through on the job training with our experienced Application Security team (<e.g. AppSec Quals>).

Why us?

As a Junior AppSec Specialist we know what makes you tick. As a company we’re in a very unique positon with great exposure to finance (trading, clearing, brokers, exchanges, regulations), the energy industry, and new technologies.

You'll not only get to work within a supportive team but also have the confidence and support of your managers. Working in an open plan office space really helps us embrace agile working. Creative freedom in working is encouraged and autonomy valued.

Employee investment and development are very much focal points here at Trayport (PDP, training courses, tech talks. Etc).

This is your chance to join us and make a huge impact as we continue the journey to become smarter and more efficient than ever before.

Did you know?

  • To date (2020), we have hired 24 new positions into Technology in London.
  • 312 employees across London, Vienna and Singapore, making up over 37 different nationalites
  • Winner of the Best Well Being Strategy 2019 as hosted by Reward Gateway