Overview

Position Title: Senior Application Security Engineer

Company: Zoopla

Location: Norwich, UK

Job Description:

You’ll work in a truly cross-functional, agile engineering team, alongside a quality engineer, data analyst, a product owner, designer, and delivery manager. With this skill set and support, your team is empowered to work autonomously to define ambitious goals, and deliver them.

Responsibilities:

  • You’ve honed your engineering craft, and practice writing maintainable code, code review, pair programming, and automated testing.
  • You’ll have worked with cloud tech, preferably AWS, and when called for, you’ll be willing to flex across the whole stack.
  • For more senior roles, you will have achieved the above while teaching others, influencing your team and organisation.
  • To join the team you must exhibit the Zoopla behaviours – such as ‘own it’, ‘build together’, and ‘set the standard’.
  • We take diversity and inclusion seriously, and to succeed here, you must too.

Requirements:

  • You have experience driving application security into the software development lifecycle by performing security threat modelling, risk assessments, and using vulnerability management to help prioritise risks.
  • You are able to work with individuals at all levels in a wide array of business functions to implement mitigations and resolutions using industry standard approaches.
  • You will be able to educate software engineers on application security best practices and secure coding techniques, helping to shift security left in the development lifecycle.
  • Application security at Zoopla sits within SRE, so you will need the ability to collaborate and work with SREs to help develop tools to monitor and troubleshoot/resolve security or compliance related issues.
  • Familiarity with security best practices associated with containers, serverless and distributed systems.
  • You will be knowledgeable and comfortable with Agile development practices, and have strong programming ability in any modern language. The application security team uses Python, Perl and Git.
  • You have experience working with software engineering teams and providing insight during security events, including communicating findings to stakeholders at all levels of seniority.
  • You are passionate about cloud technologies and remain up to date with the latest security trends. You have the ability to design, develop and maintain the security of cloud environments.
  • Knowledge of compliance standards like CIS and NIST, in conjunction with PCI-DSS and GDPR
  • Familiar with internet security issues, the OWASP Top 10, and the threat landscape, especially on cloud providers
  • Familiar with application security initiatives such as MITRE/OWASP etc.
  • You will have experience of implementing a security model using Terraform deployed with a pipeline, and experience implementing security testing into the deployment pipeline.
  • Knowledge of working with and developing tools like Prowler and Cloud Custodian, and of image hardening according to CIS benchmarks
  • Experience implementing and rolling out a SIEM, and/or SOC
  • Experience rolling out distributed policy reviews
  • Experience as an architect exclusively in AWS

About Zoopla

Hello, we’re Zoopla. We’re here to help people make intelligent decisions about their homes by digitising the home lifecycle.