UK - Senior Application Security Manager
Crawford & Company
- United Kingdom
- Permanent
- Full-time
- Work to consistently learn and share advanced skills and practices that promote team excellence.
- Build relationships with development teams and key business stakeholders to incorporate security principles into development and deployments.
- Supervise testing and validation in application security controls across projects.
- Create and uphold CI/CD security strategy and practices in tandem with other technical team leads.
- Serve as a point of contact for security-based escalations and remain tightly involved through resolution.
- Build services and tools to enable developers to easily use security components produced by application security team members.
- Simplify automation that applies security inter-workings with CI/CD pipelines.
- Enable the ability to “shift left” and incorporate security early on and throughout the development lifecycle.
- Identify vulnerabilities in code through automated and manual assessments and promote quick remediation.
- Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.
- Leverage vulnerability database sources to understand the weakness, probability and remediation options supplied by vendors as well as workarounds.
- Regularly research and learn new tactics, techniques, and procedures (TTPs) in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary through the CI/CD pipeline.
- Enrich DevOps architecture with security standards and best practices.
- Partner with teams to define key performance indicators (KPIs) and metrics across business units.
- Expected to hold one or more security certifications relevant to the position, such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Computer Security Incident Handler (CSIH), Certified Information Security Manager (CISM).
- AWS or Azure Architect or Security certifications.