Application Security Engineer

At FNZ, our purpose is to make wealth management more accessible, bringing easier, fairer and more inclusive solutions to people worldwide. Here in the Security Technology and Operations team, we are on a mission to embed cyber resilience across FNZ, protecting the platforms that support investment solutions for over 20 million people.

We are looking for an Application Security Specialist, reporting within the Cloud & Platform Security Team. You will be working closely with developers to embed security measures and tooling across our application (platform) portfolio to help contribute to building secure products.

Ideally, with a software engineering background (e.g. .NET, Java) and experience of assessing security risks, vulnerabilities and alignment to security standards. Knowledge of web-based vulnerabilities and API security.

You must be passionate about security and excited about joining a fast-paced global environment.

Specific Role Responsibilities:

• Provide guidance and oversight to development teams on secure coding practices and application security best practices.
• Conduct security reviews, including code and design reviews to identify design flaws and vulnerabilities
• Contribute to and maintain a threat modelling framework and review
• Develop and maintain security standards, and procedures for application security
• Collaborate with cross-functional teams to design, implement, and maintain security controls for our applications.
• Stay up to date with the latest security threats, vulnerabilities, and countermeasures in order to continuously improve our application security posture.
• Production of reports and updates
• Guide software engineers on best security practices
• Assist in penetration testing exercises
• Track vulnerability remediation
• Support change boards)

Experience required:

Primary requirements

• Information Security experience, and experience of working in a regulated environment
• Experience of DevSecOps tooling e.g. Github, CI/CD
• Experience in application security engineering, threat modelling and secure coding
• Experience of integrating security into SDLC
• Experience of assessing vulnerability defects
• Good collaboration and communication skills, with experience of working with DevOps and delivery teams
• Familiar with static and dynamic application testing toolsets, including secret scanning and software composition analysis
• Experienced in managing security risk.
• Experience in developing and managing formal security documents
• Knowledge of cloud concepts a plus

About FNZ Culture:

Our culture is what drives us. It's at the heart of who we are and everything we do. It's what inspires, excites and moves us forward. Our ambition is to create a culture for growth, one that opens up limitless opportunities for our employees, customers and the wider world. At FNZ we know that great impact is only possible with great teamwork.

That’s why we value the strength and diversity of thought in our global team.

The FNZ Way is the cornerstone of what we do. It is comprised of four values that set the standard for how everyone at FNZ interacts with each other, with our customers, and with all our diverse stakeholders around the world.

1. Customer obsessed for the long-term
2. Think big and make an impact
3. Act now and own it all the way
4. Challenge, commit and win together

Read more about The FNZ Way and our values: www.fnz.com/culture

Opportunities:

• Right from day one, you will work alongside exceptional, multicultural teams - experts in their respective fields - who will inspire and challenge you to make your greatest impact.
• Be part of a highly successful, rapidly growing, global business that is leading the delivery of financial services via cloud computing and partners with some of the world’s largest companies.
• Working in a flexible and agile way that meets the needs of the business and personal circumstances.
• Remuneration, significant financial rewards and career advancement is based on individual contribution and business impact rather than tenure or seniority.
• We provide global career opportunities for our best employees at any of our offices in the UK, EU, US, Canada, South Africa and APAC.