About the job
Roles/Responsibilities
* 12-month contract with potential for extension.
* Hybrid role (1-2 days onsite per week).
* Monitor and manage application security vulnerabilities identified via penetration tests, SAST, DAST, and other sources, ensuring timely resolution within defined SLAs.
* Triage vulnerabilities to determine whether they require action or can be marked as false positives, providing justifications for decisions.
* Collaborate with penetration testing providers to ensure tests are conducted in a timely manner and results are actionable.
* Serve as a liaison with the group security team to maintain a single source of truth for vulnerabilities and resolve disputes regarding false positives.
* Design and implement security enhancements for APIs and web applications developed in Node.js and Vue.js.
* Maintain and refine software application security policies and procedures to align with best practices.
* Provide technical guidance to the Solution Delivery team to ensure security best practices are embedded throughout the software development lifecycle.
* Report on the security posture of the Solution Delivery team to steering groups, including providing remediation targets and justifications.
Skills/Experience
* 5+ years of experience as a Web Application Developer with a focus on secure development practices.
* Proficiency in secure REST/JSON API development and Node.js.
* Strong understanding of web technologies (JavaScript frameworks like Vue.js or Angular, HTML, CSS) and the associated security considerations.
* Familiarity with OWASP Top 10 and other security frameworks.
* Proven experience in triaging and remediating third-party dependency vulnerabilities (e.g., via npm).
* Hands-on experience with tools for static (SAST) and dynamic (DAST) application security testing.
* Knowledge of HTTP and API security concepts, including common vulnerabilities and their mitigations.
* Experience in software project lifecycles using DevOps methodologies and tools like Git, Jira, and Confluence.
* Experience working with penetration testing teams and understanding the penetration testing process.
* Excellent communication skills to liaise with technical teams and articulate findings to non-technical stakeholders.
Non-Technical Skills
* Highly motivated, enthusiastic, and capable of working both independently and collaboratively in a team-oriented environment.
* Exceptional analytical and problem-solving skills, with attention to detail and a business-focused approach.
* Strong interpersonal skills, with the ability to influence technical decisions and communicate effectively in a fast-paced environment.
* Demonstrates creativity and resourcefulness in presenting solutions to complex security challenges.