Application Security Engineer

New Yesterday

Excited to grow your career?

Our purpose is to make it easy for people to save and invest for a better future. We are looking for great people to join us, so please come and invest in YOUR future at HL.

We know that sometimes people can be put off applying for a job if they don't tick every box. If you're excited about working for us and have most of the skills or experience we're looking for, please go ahead and apply. We'd love to hear from you!

About the role

As an Application Security Engineer at HL, you will play a key role in strengthening the security of our products and services. Partnering with Engineering and other security functions, you'll embed and enhance security across the SDLC. You will help shape our security tooling strategy, drive automation to scale assurance across the business and provide expert guidance to engineers on vulnerabilities, threats and risk mitigation. This role is an opportunity to influence how HL builds secure products at pace, while supporting a culture of "Secure by Design".

What you'll be doing

Design and implement automated security testing solutions and vulnerability scanning within the SDLC. Support the Application Security Lead in defining the strategy, tools and technologies. Running proof of concepts for new tools to support automated security assurance during agile sprints. Rollout selected security tooling collaborating with teams across the business. Integrate security tooling into existing engineering and business processes. Maintain, optimise and measure the effectiveness of security tools, producing dashboards to demonstrate impact. Triage of vulnerabilities, identification of false positives and providing mitigation and risk advice. Championing security testing as part of the delivery pipeline, driving shift-left improvements and a secure-by-design culture. Build strong partnerships with Engineering teams and the CISO function to streamline and improve security processes. Adhering to deadlines, prioritising work, and providing progress updates against plan. Supporting the Security Champions program at HL through developer enablement and training.

About you

Experience of SAST/SCA/DAST toolsets (e.g. Snyk, Gitlab Ultimate Application Security, Rapid7). Experience of API scanning tools (e.g. Salt, 42Crunch). Strong understanding of vulnerability scoring frameworks such as CVSS and EPSS. Ability to code in at least one programming or scripting language (e.g. Python, JavaScript/TypeScript). Broad knowledge of software development languages, frameworks and build/deploy tools (e.g. Gitlab CI/CD, Harness, Jenkins). Solid understanding of security vulnerabilities, with the ability to keep pace with emerging threats. Ability to replicate vulnerabilities to demonstrate risk to Engineering teams and explain impact clearly to non-technical stakeholders. Experience working in Agile environments, with strong organisational skills and attention to detail. Hands-on experience of cloud platforms (AWS, Azure). Experience in writing and improving processes based on feedback. Experience in integrating security tooling into CI/CD pipelines. Awareness of and/or experience with developer-focused Security Champion programs.

Interview process

The interview process will be two stages including an introductory conversation, and a technical competency-based questions and a task.

Working Schedule

We are based in Bristol, BS1 5HL. This role is permanent, full time, 37.5 hours per week, Monday to Friday. We have returned to the office, however for this role we offer a flexible working pattern to enable you the option of working from home and coming into the office around once a month.

Why us?

Here at HL, we're the UK's number 1 investment platform for private investors, based in Bristol. For more than 40 years we've helped investors save time, tax and money on their investments.

To achieve our mission, we believe we have a workplace like no other, with constant learning, dynamic teams, and a great ethos. We're steered by core values that promote service, quality, innovation, and opportunity in everything we do.

What's on offer?

Discretionary annual bonus* and annual pay review 25 days* holiday plus bank holidays and 1-day additional Christmas closure Option to purchase an additional 5 days holiday** Flexible working options available, including hybrid working Enhanced parental leave Pension scheme up to 11% employer contribution Income Protection and Life insurance (4 x salary core level of cover) Private medical insurance* Health care cash plans - including optical, dental, and out patientcare Health screening programme Help@hand - confidential support including mental health counselling and remote GP Wellhub - unlimited access to fitness providers and wellness coach sessions Variety of travel to work schemes with bike storage and shower facilities Inhouse barista and deli serving subsidised coffee and sandwiches Two paid volunteering days per year

* dependant on role level

** only available to select during our annual benefits window, in November each year

Hargreaves Lansdown is an inclusive employer that values diversity in its workforce. We encourage applications from all individuals without regard to race, religion, gender, sexual orientation, national origin, disability or age.

This role may also be available on a flexible working or part time basis - please ask the Recruitment & Onboarding team for more information.

Please note, we are unable to provide employment sponsorship to candidates.

#HLI
Apply
Location:
Gb
Job Type:
PartTime
Category:
Techsoftware

We found some similar jobs based on your search