About this role
Experian, Global Security Office are looking for an experienced Senior Application Security Engineer to enhance our application security processes with emphasis on business engagement.
You will be responsible for static, SCA, and dynamic scanning, collaborating with software engineers, provide flaw mitigation recommendations, and implementing automated security controls throughout the development lifecycle and CI/CD pipelines. Ensure the Software Security Policy and Baseline requirements are met for new Agile deliveries and for legacy estate with flaws and issues managed throughout all stages of an applications' life.
This is a remote UK-based position reporting to the Manager of Application Security
Main Responsibilities
Collaborate with software engineers and leadership to address security risks and provide mitigation recommendations within the Secure Development Lifecycle (SDLC).Work with development teams to understand their needs and the risk profile for each application and customize solutions to meet the needs of the applicationCollaborate on the implementation and management of SAST, SCA, DAST, and other scanning solutions to provide coverage for the application portfolioGuide development teams through a review of their applications and risks against common application flaws (e.g., OWASP Top 10) and provide prioritized visibility to senior management along with contextOperate as an advocate for Security in interactions with internal and external teamsWork with Risk & Compliance teams on audits (e.g., SOC 2, PCI-DSS, HIPAA) and recommend relevant Application Security policy and proceduresContribute to internal and external/client audits, ensuring compliance with security standardsLead projects to implement security technologies enterprise-wideIntegrate 3rd party and build custom solutions into our CI/CD pipelines and development cycles.Define security guardrails through automated tool policies, Service level agreements, custom rules, and support the developer communitySupport the enterprise in managing vulnerabilities through automated tooling and security assessmentsWork with Security Champions to build relationships and ensure main activities are supported and deliverables are achieved promptly. Direct experience in enterprise-level application security.Experience in AppSec or DevSecOps, collaborating and presenting to developers, supporting development teams to adopt and mature secure development practicesProficiency with SAST, SCA, DAST, IAST, RASP and others tools associated with DevSecOp.Experience with programming and software development including CI/CD pipelines and related technologies such as Git, Jekins, Maven, Chef, Puppet, Ansible, Nexus, Artifactory and NPMExperience overseeing the linking of applications between different departments and systemsUnderstanding of MITRE, OWASP, SafeCode and risk management methodologies as they relate to integration/software testing.Good project management skills or substantial exposure to project-based work structures, project lifecycle models,Knowledge of cloud and GenAI security is an advantage. Benefits package includes:
Great compensation package and discretionary bonus planCore benefits include pension, bupa healthcare, sharesave scheme and more25 days annual leave with 8 bank holidays and 3 volunteering days. You can purchase additional annual leave.Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.
Experian Careers - Creating a better tomorrow together
Find out what its like to work for Experian by clicking here