Senior Application Security Specialist
Our client, a leader in the online gaming and sports-betting industry is currently seeking a talented Senior Application Security Specialist to join their Gibraltar or Athens-based team. This role aims to provide application security services into the software development lifecycle including secure design, coding techniques and reviews, education & awareness, process and tools, security testing support and guidance.
As a Senior Application Security Specialist, your duties would include:
- Performing and developing web application security testing (Penetration tests)
- Identifying application security risks and requirements for new projects and system developments
- Working with the architecture and development groups to review code for security vulnerabilities and embed/improve security threat modelling and secure coding in the development lifecycle
- Providing technical advice to ensure that security standards are met
- Perform/overseeing security testing and manage remediation of identified vulnerabilities
- Supporting the InfoSec team in the promotion of information security best practice and embedding information security within the development streams
- Providing reports on application security KPI’s to the Cyber Security Manager
The ideal candidate would have the following skills & experience:
- At least 5 years of experience and In-depth knowledge of application security vulnerabilities, secured design, security testing techniques, and the OWASP framework
- In depth understanding of secured web application and web services development in at least two of the following: PHP, .Net, JAVA
- Understanding of various CMS platforms such as Drupal, Joomla and WordPress
- Experience of web application and agile development methodologies
- Understanding of web servers and HTTP protocol running on Windows and Linux servers
- Knowledge of technical security architectural principles and creating application threat models
Strong communication (verbal/written) and influencing skills, with an ability to manage internal and external relationships up to senior levels of management.
- Ideally one of the following certifications:
- SANS GIAC Penetration Tester (GPEN)\Certified Ethical Hacker by the International Council of ECommerce Consultants (EC-Council.)
- GIAC Certified Web Application Defender
- GIAC Web Application Penetration Tester
If you would like to discuss this opportunity then please don’t hesitate to contact Castle Hill today.