AVP / Senior Associate, Application Security Engineer, IT Shared Services, Technology and Operations
Group Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.
Support the Automated Source Code Scanning platform (Fortify) and laise with vendor support Support SCA (OSS risk platform - Sonatype Nexus IQ) Advisory on security requirements and security test Provide expertise to drive the bank-wide standardisation of security test tool usage, around industry leading practices, and support the adoption. Deliver security test projects, including static and dynamic scan execution, analysis and report Responsibilities
Support the ISS Application Security Lead in driving the transformation of application security (static and dynamic) across the Bank to achieve business results. Deliver static and dynamic scan projects using Fortify / WebInspect Deliver SCA (OSS risk) advisory Advise project teams about security requirements and security test Support Fortify platform and laise with vendor support as required Provides advisory to project teams on static and dynamic scan and secure coding Requirements
More than 1 year of software development, Java or .NET Understanding of application security across the SDLC Knowledge and hands-on experience with SAST. Fortify - an advantage Experience with OSS risk tools like Sonatype Nexus IQ, BluckDuck - an advantage Experience with security requirements and security test - an advantage Penetration testing experience - an advantage WebInspect experience - an advantage Apply Now
We offer a competitive salary and benefits package and the professional advantages of a dynamic environment that supports your development and recognises your achievements.