About the job

What You'll Be Doing We're looking for a Cloud Application Security SME to join our delivery team, and help shape and direct our clients' security transformation journeys. We work closely with the public sector, and as such you will be required to undergo SC clearance for this position. Here's Some Points On What To Expect

• Working within agreed timelines throughout the evaluate, design and build phases to identify security requirements; define application security solutions; configure and test using DevSecOps tools and platforms.
• Leveraging your core competence and knowledge of industry Application Security standards, frameworks and good practices to support security reviews, enablement, validation or definitions of application security outcomes.
• Identifying:
• Client needs for application security technology/tools and process adoption.
• Technical security requirements, both functional and non-functional.
• Gaps, issues, assumptions and failings in the client application security landscape.
• Client needs in terms of outcomes, stakeholder engagement and risk mitigation.
• Defining:
• Project testing strategy, test plans, test scenarios and approach.
• Security environment objectives and targets, including change impact and risk.
• Cross-team implementation plans.
• Appropriate metrics and processes to achieve client objectives and targets.
• Enacting:
• The setup of application security specific components and processes for development, test, and production environments.
• Application security and DevSecOps technology implementations and configurations.
• Robust practices for the protection and security of client systems
• Oversee, evaluate, and support:
• Discovery and audits
• Documentation, validation, assessment, and authorisation
• GRC Consultants and Service/Solution architects in the securing of products and services.

What experience you'll bring: You're somebody that's obsessive about solving business and client challenges, and take a strong focus on security risk to help tackle client challenges. You have an egineering background and have experience operating at a client advisory level. You use your ability to blend your technical knowledge and consulting ability to craft market-leading solutions to multi-million pound problems. You Should Be Experienced In

• Designing and building within a public cloud environment (E.g. Azure, GCP, AWS)
• Skilled in programming, with expertise in your language of choice (E.g. Java, Python, TypeScript, Go, Rust).
• Strong understanding of API protocols such as REST, SOAP, gRPC, GraphQL, WebSockets and how to secure them.
• DevSecOps frameworks and methodologies.
• OWASP
• Application and IaC security testing (SAST).
• Integration/operation challenges with security toolsets, for example: Synopsys, Veracode, Checkmarx, Cequence, Akamai, Salt, GitLab, MicroFocus Fortify SCA, WebInspect, App Defender, Sonatype, SonarQube, Qualys and TripWire (IP360), Burp Suite, Synk, Twistlock.
• Knowledge of RDBMS (E.g. MySQL, PostgreSQL, MariaDB, Microsoft SQL Server, and Oracle Database)

Knowledge of Secure by Design and Zero Trust principles.

GCS is acting as an Employment Agency in relation to this vacancy.