Job: Senior Specialist, Application Security at a software development company

A renowned financial services company specializing in the use of technology for revenue collection and management needs the services of the following personnel, who must be highly qualified and experienced.

Job objectives

  • Establish strategic direction for the Application Security program and establish project plans for the execution of the Application Security strategy
  • Responsible for the implementation, operational management and ownership of all areas of Application Security
  • Ensure that a formal set of processes is in place by which the group can identify various security issues, gaps and corrective actions to ensure optimum security of its IT operations

Reports to: Managing Director/Head, Technology (administrative reports)

Department: Application Security

Supervises: Specialist, Application Security

Professional responsibilities

  • Apply security policies and procedures to the entire application landscape
  • Ensure effective management of users and access according to the access profile
  • Audit security policies and procedures
  • Identify, investigate and report suspected violations and review findings with key stakeholders
  • Oversee the development of security policies
  • Manage information security application security personnel in the identification, development, implementation and maintenance of information security processes across the suite of enterprise applications to reduce risk, respond to incidents and limit exposure to liability.
  • Implements tools and strategies to ensure successful application security program implementation
  • Ensure detailed security designs match high-level designs and are traceable to functional specification requirements
  • Ensure that the security designs produced adhere to the architectural roadmap and support the development, execution and service operations
  • Research emerging technologies in support of security improvement and development efforts
  • Develops and implements a program of secure code practices that includes threat modeling and automated application scanning
  • Communicates effectively with application development teams and customers to resolve complex information security issues
  • Reviews documentation created by direct reports to provide constructive feedback.
  • Work with customer-facing teams to ensure information security initiatives are understood and implemented.
  • Establishes goals and objectives for team performance and manages achievement of those objectives.
  • Develops and delivers services in response to various risks and threats.
  • Responsible for information security technical architecture, system security designs, implementation and information management security systems and/or programs for the protection of the application environment.
  • Keeps senior management informed of the status of information security issues and initiatives.
  • Review technical security reports
  • Nominal fiscal responsibility or ability to spend

Key performance indicators

  • # of application security breaches/incidents
  • # of security incidents due to incorrect patch / no patch deployment
  • Timely reporting of security incidents/breaches
  • # security awareness communication
  • # of formal security training
  • % of employees covered by formal security training
  • # of security breaches encountered / reported to the Service Desk
  • # of security breaches identified and resolved (i.e. mitigation measures identified and implemented on) within the agreed SLA / deadlines
  • % reduction in the impact of security breaches and incidents

Skill requirements

  • Working knowledge of database and application security
  • Experience in the field of information security
  • Knowledge of risks related to key platforms
  • Good knowledge of application security control mechanisms
  • Strong interpersonal skills to work with different teams inside and outside the company
  • Good understanding of software development life cycle methodologies such as Waterfall, Agile
  • Exposure to application security vulnerabilities (as listed in the OWASP Top 10), security testing methodologies and related tools
  • Programming experience
  • Problem solving
  • English

Educational qualification

Minimum of a Higher National Diploma (HND) in Computer Science, Computer Engineering or related fields

Professional qualification
Possession of the following certification is recommended: SSCP / CISSP, CISM

Experience wanted
7 to 10 years of functional experience
