Application Security Engineer
Application Security Engineer
Why should you join us...
At ITV, we want to be the digitally led company that brings brilliant content to global audiences wherever, whenever and however they choose.
ITV is going through an exciting time working towards our 'More than TV' strategy, and Cyber Security is at the forefront of the change. Our teams design, build and deliver new and existing products and productions daily which brings incredible variety to the roles we play. Innovation is at the heart of what we do, and you will have an opportunity to truly shape our security and the technology we work with. We are an established team exploring new ways to work and support all areas of the business in engendering a true secure by design approach.
We have an exciting new opportunity for an Application Security Engineer to develop and maintain the right security tools to provide high levels of security assurance across ITV Applications. You'll need strong agile software delivery skills, and must be able to work with developers that use different languages to help ensure coding practices remain in line with Secure Development.
You will champion security throughout the development teams and be the voice of security at daily stand-ups and scrums. The role will also align closely with, and leverage the experience of the wider cyber security team particularly when managing incidents.
This is an ideal role for someone looking to help define and deliver ITV’s application and cyber security capabilities. We welcome applications from good developers that want to focus on security longer term.
Some Key Responsibilities:
Define and embed technical security policies, principles and standards. Use code analysis solutions to evolve the secure by design principle.
Develop, maintain and automate security tools for secure SDLC, including ongoing developer training
Maintaining good practice around code repo's (like Git), identifying and remediating weaknesses in Open Source libraries
Lambda (server less functions)
Provide advice to development teams on all aspects of security within the development lifecycle
Proactively identify vulnerabilities, provide solutions and drive remediation (ideally through automation runbooks)
Work closely with platform teams to build centralised security reporting dashboards that provide security assurance across our applications
Work with our Managed Security Solution Provider to automate the identification and remediation of security issues across our Cloud services and build smart realtime reporting dashboards.
To be considered for this opportunity you will need to demonstrate the following skills / experience:
Excellent knowledge of OWASP top 10
Solid knowledge of security issues found with code repos like NPM and GITHub
Good understanding of at least one CI toolset
Experience working in AWS and/ or GCP
Experience with IDEs such as IntelliJ, IDEA, VS Code, Vim, Atom
Knowledge with scripting and coding
Understand how to secure public facing endpoints and APIs
Security assurance tool familiarity (both open source and commercial)
Ability to build dashboards and consolidating data from multiple data sources
We reach millions of people everyday, that’s why having diverse talents and being an organisation where colleagues feel included is crucial to us. We have various networks who celebrate and support our colleagues. We try to embed an inclusive mindset in everything we do. Find out more here