Skip to main content

Application Security Engineer

Posted: 23 Sep 2020 Closes: 23 Nov 2020
London Competitive
Permanent & Full-time itv/200001AF


Application Security Engineer





Why should you join us...


At ITV, we want to be the digitally led company that brings brilliant content to global audiences wherever, whenever and however they choose.

ITV is going through an exciting time working towards our 'More than TV' strategy, and Cyber Security is at the forefront of the change. Our teams design, build and deliver new and existing products and productions daily which brings incredible variety to the roles we play.  Innovation is at the heart of what we do, and you will have an opportunity to truly shape our security and the technology we work with. We are an established team exploring new ways to work and support all areas of the business in engendering a true secure by design approach.


We have an exciting new opportunity for an Application Security Engineer to develop and maintain the right security tools to provide high levels of security assurance across ITV Applications. You'll need strong agile software delivery skills, and must be able to work with developers that use different languages to help ensure coding practices remain in line with Secure Development.


You will champion security throughout the development teams and be the voice of security at daily stand-ups and scrums.  The role will also align closely with, and leverage the experience of the wider cyber security team particularly when managing incidents.

This is an ideal role for someone looking to help define and deliver ITV’s application and cyber security capabilities. We welcome applications from good developers that want to focus on security longer term.

Some Key Responsibilities:


  • Define and embed technical security policies, principles and standards.  Use code analysis solutions to evolve the secure by design principle.

  • Develop, maintain and automate security tools for secure SDLC, including ongoing developer training

  • Maintaining good practice around code repo's (like Git), identifying and remediating weaknesses in Open Source libraries

  • Lambda (server less functions)

  • Provide advice to development teams on all aspects of security within the development lifecycle

  • Proactively identify vulnerabilities, provide solutions and drive remediation (ideally through automation runbooks)

  • Work closely with platform teams to build centralised security reporting dashboards that provide security assurance across our applications

  • Work with our Managed Security Solution Provider to automate the identification and remediation of security issues across our Cloud services and build smart realtime reporting dashboards.

To be considered for this opportunity you will need to demonstrate the following skills / experience:

  • Experience in Java, Scala, Typescript, Python, Javascript, Ruby, 

  • Excellent knowledge of OWASP top 10

  • Solid knowledge of security issues found with code repos like NPM and GITHub

  • Good understanding of at least one CI toolset 

  • Experience working in AWS and/ or GCP

  • Experience with IDEs such as IntelliJ, IDEA, VS Code, Vim, Atom

  • Knowledge  with scripting and coding

  • Understand how to secure public facing endpoints and APIs

  • Security assurance tool familiarity (both open source and commercial)

  • Ability to build dashboards and consolidating data from multiple data sources



We reach millions of people everyday, that’s why having diverse talents and being an organisation where colleagues feel included is crucial to us. We have various networks who celebrate and support our colleagues. We try to embed an inclusive mindset in everything we do.  Find out more here 


Share Job