monday.com

Application Security Expert - London

On site

London, United Kingdom

Full Time

16-03-2025

Job Specifications

Description

monday.com is looking for an application security expert to provide application security services including secure coding techniques and reviews, education & awareness, processes and tools, security testing support and guidance for internal software development projects. The Application Security Team is based in our headquarters, Tel Aviv, Israel - you’ll be joining another team member in London.

monday.com works hybrid with 3 days in the London office.

About The Role

Provide guidance on security best practices and compliance, and undertake security testing.
Develop security testing plans and integrate them into the software development lifecycle.
Perform and oversee security testing and manage remediation of identified vulnerabilities.
End-to-end work on reported vulnerabilities as part of the bug bounty program.
Identify application security risks and requirements for new projects and system developments.
Sign-off on application security prior to live implementation.
Collaborate with the architecture and development teams to review the design and code for security vulnerabilities.
Embed/improve security threat modeling and secure coding in the development lifecycle.
Provide technical specialist advice to ensure that security standards are understood and can be complied with.
Monitor and proactively report on current threats and vulnerabilities to application security.
Prepare and monitor application security metrics and KPIs.
Initiate and automate processes for detecting and monitoring the platform security and integrate security tools into the S-SDLC.
Work with the local DevSecOps team to improve our S-SDLC and take part in our security incident response team.

Requirements

At least 3 years of experience in software engineering.
At least 2 years of experience in application security.
In-depth knowledge of application security vulnerabilities, testing techniques, and the OWASP framework.
Team player able to build relationships across the organization, including remotely.
In-depth understanding of secure web application development.
Experience in web application and Agile development methodologies.
Exposure to methods of promoting security awareness.
Strong communication (verbal/written) and influencing skills, with an ability to manage internal and external relationships up to senior levels of management.
Anticipates problems and identifies long-term implications of decisions and actions.
Ability to work and learn alone.
Able to prioritize workload and drive work to set deadlines.
Experience working with the hacker/pen-testing community.

Meet The Security Team - Read Our Blog Post

https://www.startupforstartup.com/ww/blog/appsec-challenges-and-how-we-do-it/

Social Description

monday.com is looking for an application security expert to provide application security services including secure coding techniques and reviews, education & awareness, processes and tools, security testing support, and guidance for internal software development projects. The Application Security Team is based in our headquarters, Tel Aviv, Israel - you’ll be the first to join the team from Warsaw, Poland, where we have R&D, DevOps, and SecDevOps teams.

About the Company

The monday.com Work OS is a low-code/no-code platform that democratizes the power of software so organizations can easily build work management tools and software applications to fit their every need. The platform intuitively connects people to processes and systems, empowering teams to excel in every aspect of their work while creating an environment of transparency in business. monday.com has offices in Tel Aviv, New York, Miami, Chicago, Denver, London, Warsaw, Sydney, Melbourne, São Paulo, and Tokyo. The platform is ful...

Related Jobs

Company Name
Mozn
Job Title
Principal Engineer - Application Security / DevSecOps
Job Description
Mozn is a rapidly growing and leading data science & product development firm based in Riyadh with a proven track record of excellence in supporting and growing the analytics ecosystem in Saudi Arabia. Mozn is a trusted analytics partner for the largest government organizations in Saudi Arabia, as well as many large corporations and startups. We are in a critical stage of scaling the company to build institutional analytics knowledge within Mozn and Saudi Arabia. It is an exciting time to work in Saudi Arabia; through Vision 2030, the rate of social and industrial change is staggering.

We are seeking a highly skilled and experienced Principal Engineer - Application Security / DevSecOps to lead and enhance our application security posture. The ideal candidate will have deep expertise in secure software development, DevSecOps practices, threat modeling, and security frameworks. This role is for an expert who will design, implement, and maintain robust security measures across the software development lifecycle (SDLC) and DevOps pipeline.

Requirements

Technical Leadership:
- Develop and drive the strategic roadmap for application security and DevSecOps within the organization.
- Collaborate with engineering, operations, and product teams to integrate security best practices seamlessly into SDLC and CI/CD pipelines.
- Advocate for a security-first culture across the organization.

Technical Expertise:
- Design and implement security solutions for cloud-native, microservices-based, and legacy applications.
- Integrate automated security tools into CI/CD pipelines (e.g., SAST, DAST, SCA, IAST, and RASP).
- Develop and maintain threat models to identify and mitigate risks proactively.
- Establish and enforce coding standards and guidelines for secure coding practices.

Operational Excellence:
- Monitor, analyze, and respond to application and system vulnerabilities.
- Lead vulnerability management efforts, including prioritization and remediation.
- Conduct security assessments, code reviews, and penetration tests.
- Provide guidance on secure architecture patterns and solutions.

Collaboration and Mentorship:
- Mentor and coach teams to adopt secure development and DevSecOps practices.
- Partner with stakeholders to design and implement security-aware development environments.
- Work with compliance and governance teams to ensure adherence to industry standards (e.g., ISO 27001, GDPR, PCI-DSS, SOC 2).

Continuous Improvement:
- Stay abreast of emerging security threats, technologies, and industry trends.
- Lead initiatives to enhance the organization's security posture and incident response capabilities.
- Measure and report key metrics to track security effectiveness and compliance.

Qualifications:

Educational Background:
- Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or related field.
- Relevant certifications such as CISSP, CISM, OSCP, CEH, or AWS/Azure/GCP Security certifications are highly desirable.

Experience:
- Minimum of 8-10 years of experience in application security, DevSecOps, or a related field.
- Proven track record of leading security initiatives in DevOps environments.
- Hands-on experience with CI/CD pipelines and automation tools (e.g., Jenkins, GitHub Actions, GitLab CI/CD).
- Expertise in cloud security (AWS, Azure, or GCP) and container security (Docker, Kubernetes).

Technical Skills:
- Proficiency in programming and scripting languages (e.g., Python, Java, JavaScript, or Go).
- Strong understanding of OWASP Top 10, SANS/CWE 25, and other security frameworks.
- Knowledge of security tools and platforms (e.g., SonarQube, Veracode, Burp Suite, Aqua, Prisma Cloud).
- Experience with infrastructure-as-code (IaC) security and tools like Terraform and Ansible.

Soft Skills:
- Excellent problem-solving and critical-thinking abilities.
- Strong leadership and communication skills to influence and collaborate with cross-functional teams.
- Ability to manage and prioritize multiple initiatives in a fast-paced environment.

Benefits

We think you'll enjoy working at Mozn. Here's why:
- We selectively choose to undertake projects with impact; our users and clients trust us to solve mission-critical problems.
- We move quickly, but carefully and confidently. Iterations happen on the scale of days to weeks, and we invest considerable effort in minimizing the operational overhead to empower you to do your best work.
- You will be given a lot of responsibility and trust. We believe that the best results come when the people responsible for a product are given the freedom to do what they think is best.
United Kingdom
Remote
Full Time
27-03-2025
Company Name
Pharmacy2U Ltd
Job Title
IT Security Engineer
Job Description
Role: IT Security Engineer
Location: Leeds
Salary: DOE plus extensive benefits
Contract type: Permanent
Employment type: Full time
Working hours: 40 hours per week, Monday to Friday 09:00 – 17:30

The IT Security Engineer will administer and optimise security tools, provide technical security guidance and implement security change across a range of components to achieve and maintain security across business platforms and applications. The scope of responsibilities includes Microsoft 365, Exchange, networking components (firewall etc), Windows Server, core Microsoft back-office technologies, and 3rd party software and applications.

You will be passionate about providing an excellent level of service with a focus on improving the security posture of global infrastructure in line with the IT security strategy and business requirements. You will also be comfortable suggesting improvements and be prepared to adapt and change as necessary. In addition, you will be a problem solver, who wants to find the “secure way” to solve a business problem.

What’s in it for you?

Occupational sick pay
Enhanced maternity and paternity pay
Contributory pension
Discounted insurance (Aviva)
Employee discount site
Discounted gyms (via our blue light card and benefits schemes)
Employee assistance programme
In-house mental health support
Free onsite parking
Health and wellbeing initiatives
Social events throughout the year
Cycle to work scheme
Green car scheme* (subject to minimum earnings)
Registration fees paid (GPhC, NMC, CIPD etc)
Long service bonus
Refer a friend bonus
Blue light card
Hybrid working
Commitment to CPD/training
25 days annual leave increasing with service
Annual leave buy and sell scheme
Discounts & Exclusive offers at The Springs, Leeds
25% Discount & health & beauty purchases
25% Discount on Pharmacy2U Private Online Doctor Services

What you’ll be doing?

Daily system checks and monitoring of information security alerts (AV, Firewall, M365 etc).
Reporting on the performance of technical security controls
Assessing the security risks of changes
Assessing the risk to the business of making security changes
Communicating weaknesses and vulnerabilities
Liaising with technical counterparts across the business, in partners and other 3rd Parties.
Participating in Incident Response and Investigation
Policy development
Test, evaluate, build, and implement security change in line with business requirements
Vulnerability management of hardware and software components
Keep up to date with advancements in information security and technology
Monitor threat intelligence and investigate the organisation's exposure to threats
Maintain application and infrastructure security including antivirus software, endpoint protection and other technical controls

Who are we looking for?

Experience working within the retail services sector preferably in an information security-related role
Experience supporting Microsoft Windows On-Premise and Cloud (Azure) environments, ideally in a security capacity
Strong understanding of Information Security concepts, principles and best practices
Experience of Vulnerability Management
Strong knowledge of securing Active Directory (DHCP, DNS)
Skilled in technical risk management
Experience with Cloud Technologies (PaaS, IaaS, SaaS)
Experience in administering and securing virtual environments
Knowledge of Windows Endpoint technologies, Intune, BitLocker, Defender
Able to develop good working relationships

What happens next?

Please click apply and if we think you are a good match, we will be in touch to arrange an interview. Applicants must prove they have the right to live in the UK. All successful applicants will be required to undergo a DBS check. Unsolicited agency applications will be treated as a gift.
Leeds, United Kingdom
Hybrid
Full Time
27-03-2025
Company Name
RedRock Resourcing
Job Title
Graduate Cyber Security Consultant x 3 - Graduate Scheme - Bristol - New! (REFBJ14)
Job Description
Graduate Cyber Security Consultant x 3 - Graduate Scheme - Bristol - New! (REFBJ14)
Up to £28,000 + Graduate Scheme - Training & Progression (Rising to £45k)
** 2/3 days per week on site in Bristol **

A leading consultancy in Bristol requires a number of Graduate Cyber Security Consultants to join its growing team. Successful candidates will work in project teams to design, implement and cyber security solutions. This will involve learning about and working with a variety of technologies as well as developing professional consulting and problem-solving skills. Engagements will involve building insightful analytics from client requirements to enable them to make evidence-based decisions based in real time.

Suitable candidates will have

At least a 2.1 in a Security or STEM related degree ideally from a Russell Group university coupled with strong A Level results
Demonstrable technical competence and analytical approach to problem solving
Flexible and adaptable, with ability to work well in a team
Good communication skills, both written and verbal, and professional approach
Eligible for SC clearance

Additionally, any experience of working with customers / stakeholders would be advantageous, as would exposure to any of Splunk, Sentinel, AWS, Azure, networking, system administration, data analytics tools.

Please send CV for job description and an informal chat. Excellent opportunity to kick start your career!
Bristol, United Kingdom
Hybrid
Full Time
27-03-2025
Company Name
Lorien
Job Title
Cyber Security Consultant
Job Description
Cyber Security Consultant
Portsmouth - Hybrid working pattern
Salary – Up to £60,000 + Additional Corporate Benefits Package

The Client: A leading boutique cyber security firm requires a security consultant!

The Role: As a Cyber Security Consultant, your role will involve assisting clients in tackling various Cyber Security challenges, from clearly defining Cyber Security policies and strategies to recognizing their vulnerability to Cyber Security threats/risks and implementing practical and cost-effective measures. You will be responsible for advising and executing the identification, management, and mitigation of risks to a client’s information and information technology assets.

Key Skills:

Comprehending the business and information risk context (typical business motivators, cyber security threats, and implementation obstacles) of our clients
Evaluating risk at both a technical and business process level and clearly communicating findings both verbally and in writing to key stakeholders
Assessing the level of cyber security maturity within an organization and formulating maturity enhancement strategies
Reviewing the efficiency of controls (in relation to recognized controls frameworks as applicable) and recommending appropriate security improvements
Investigating and analysing security technologies to facilitate the creation of innovative solutions
Evaluating risk at the business function or process level leading client interviews or minor investigations to gauge business impact
Performing site visits and threat evaluations
Applying standard frameworks or relevant standard methodologies
Leading the development of risk assessment/reports
Collaborating with account teams to discover new work opportunities and assist in the creation of high-quality proposals

Requirements:

You should possess a degree related to cyber security or equivalent training or have 3 years of experience in similar positions with A-levels being a minimum.
You must have the capability to convey and present security advice, often at a technical level, directly to key customer stakeholders; possess outstanding interpersonal skills as well as strong written and verbal communication and presentation abilities.
Experience in a commercial sector such as financial services, banking, insurance, the energy industry, or telecoms is preferred.

Desirable Skills:

CISM, CISMP, or equivalent certifications are advantageous

Given the nature of the role, all employees must undergo a DBS and Security Check. To qualify for full SC Clearance, you must have resided in the UK for the past five years. Additionally, you may not spend more than 30 consecutive days outside of the UK.

So, if you feel your skills and experience align with the prerequisites for this role, then please get in touch, and apply directly.
Portsmouth, United Kingdom
Hybrid
Full Time
27-03-2025