Application Security Analyst

Application Security Analyst

Posted 1 day ago by Norton Blake

Apply
£500 Per day
Outside
Hybrid
City of London, UK
Apply
Amazon Web Services (AWS) Application Programming Interface (API) Application Security Authentications Authorisation (Computing) Business Logic Cloud Computing Cloud Technology Information Systems Security Internal Controls JIRA Management Microsoft 365 Microsoft Teams OAuth OpenID Open Web Application Security Project (OWASP) Project Management Project Management Office (PMO) Stakeholder Engagement Stakeholder Management Web Applications Web Application Security

Summary: The Application Security Analyst role involves supporting the Security Application Compliance programme within a leading TV production company's IT Department. This position requires performing system application assessments, communicating findings, and assisting IT teams with corrective actions. The contract is for an initial duration of three months and is based in London with a hybrid working arrangement. The role is classified as outside IR35 and offers a competitive daily rate.

Key Responsibilities:

  • Perform system application assessments in alignment with established application security controls
  • Communicate and reporting deficiency findings to management
  • Assist IT teams in implementing corrective actions based on identified deficiencies
  • Ensure effective business changes are introduced as a result of deficiency findings.
  • Monitor and follow up on assessment recommendations to ensure timely implementation and resolution with the appropriate IT stakeholders
  • Working with the PM, internal controls colleagues, IT Managers, InfoSec, to improve internal control

Key Skills:

  • Deep understanding of Web Application Security (eg, OWASP Top 10 & beyond OWASP, such as business logic flaws, access control bypasses)
  • Understanding of secure development practices
  • Static & Dynamic Analysis (eg, DAST)
  • Experience in Authentication & Authorization (eg, modern-day protocols like OAuth, OpenID, and experience in analysing access control and session management)
  • Understanding of Cloud & API security; Cloud platforms (Azure, AWS) & their security implications
  • Experience with Jira & Confluence
  • Experience with Monday.com
  • Experience with Microsoft Teams (including shared folder management on Teams)
  • Previous experience managing projects/workstreams independently
  • Proven ability to gather information across multiple sources and reconcile it into a comprehensible format for further use by other teams involved with the delivery of the programme (ie, dev/tech teams, etc.)
  • Excellent stakeholder engagement & management skills (ie, workshops, interviews, questionnaires, product demos, etc.)
  • Ability to work in a fast-paced environment and manage multiple priorities across different projects
  • Attention to detail (as small oversights in security can be critical)
  • Clear communication; must be able to explain findings to both technical & non-technical stakeholders
  • Analytical thinking: Ability to understand complex systems and identify weak points
  • Report writing & presentation; delivers clear, actionable security assessment reports with prioritised remediations

Salary (Rate): £500/day

City: London

Country: UK

Working Arrangements: hybrid

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Application Security Analyst, 3 months, London/Hybrid, £500/day (Outside IR35)

My client, a leading TV production company are currently looking to bring on an Application Security Analyst for an initial 3 month contract. This role is part of the Project Management Office in the IT Department and will support the Security Application Compliance programme.

Key Responsibilities:

  • Perform system application assessments in alignment with established application security controls
  • Communicate and reporting deficiency findings to management
  • Assist IT teams in implementing corrective actions based on identified deficiencies
  • Ensure effective business changes are introduced as a result of deficiency findings.
  • Monitor and follow up on assessment recommendations to ensure timely implementation and resolution with the appropriate IT stakeholders
  • Working with the PM, internal controls colleagues, IT Managers, InfoSec, to improve internal control

Desirable Skills and Experience:

Technical Skills

  • Deep understanding of Web Application Security (eg, OWASP Top 10 & beyond OWASP, such as business logic flaws, access control bypasses)
  • Understanding of secure development practices
  • Static & Dynamic Analysis (eg, DAST)
  • Experience in Authentication & Authorization (eg, modern-day protocols like OAuth, OpenID, and experience in analysing access control and session management)
  • Understanding of Cloud & API security; Cloud platforms (Azure, AWS) & their security implications
  • Experience with Jira & Confluence
  • Experience with Monday.com
  • Experience with Microsoft Teams (including shared folder management on Teams)

Soft Skills

  • Previous experience managing projects/workstreams independently
  • Proven ability to gather information across multiple sources and reconcile it into a comprehensible format for further use by other teams involved with the delivery of the programme (ie, dev/tech teams, etc.)
  • Excellent stakeholder engagement & management skills (ie, workshops, interviews, questionnaires, product demos, etc.)
  • Ability to work in a fast-paced environment and manage multiple priorities across different projects
  • Attention to detail (as small oversights in security can be critical)
  • Clear communication; must be able to explain findings to both technical & non-technical stakeholders
  • Analytical thinking: Ability to understand complex systems and identify weak points
  • Report writing & presentation; delivers clear, actionable security assessment reports with prioritised remediations

Apply
Similar Jobs
Loading data...