Head of AppSec
Why join Photobox Group Security?
PhotoBox Group Security is a trusted, high-energy, empowered and proactive team. If you are looking for a place to make a difference, apply your security knowledge, learn a lot and be part of a highly productive team, and you are able to work collaboratively with all parts of the business, this is the place for you.
We have a great culture, with a very horizontal structure. We expect you to be knowledgeable, trustworthy, empowered, friendly, focused and responsible.
Our mission is to secure the magic moments created by our customers, across all our brands. Our operating principles define what we focus on and how we make decisions. We hold ourselves accountable against these principles.
1. We are enablers for the organisation, not a bottleneck
2. We drive transparency and accountability in risk management
3. We minimise vulnerabilities
4. We hack ourselves first
5. We educate and empower our internal stakeholders and developers
6. We contribute to adding financial value
As the Head of AppSec you will work alongside the Group Security management team and ensure that any software developed by our engineers meets our overall security standards and protects our customers’ data. You will lead all AppSec activities and be the driving force behind activities such as threat modelling, security automation in our continuous integration pipeline, code reviews, security standards and our Security Champions network.
What will you do?
- Work with many functional teams to ensure that PhotoBox Group’s applications stay at the highest security level
- Support development teams to carry out application security reviews
- Provide expert advice and consultancy to software and platform engineering on risk assessment, threat modelling and fixing vulnerabilities
- Lead app security projects to ensure timely completion of efforts
- Drive security into engineering’s systems development life cycle to ensure that security is built in and considered
- Support security policies and procedures
- Evaluate new and emerging security products and technologies
- Collaborate with engineering, testing, and operations groups
Who are you?
- Strong development background in application engineering/architecture
- Great stakeholder management and influencing skills
- Developer training and curriculum development
- Have a deep understanding and hands-on experience of secure software development practices, including threat modelling, secure design principles, secure coding, code analysis, security testing and AppSec automation
Tech Stack (You must be proficient in at least one of the following)
- OWASP, SAST, DAST, IAST, WAF
- TDD, BDD, Test DSLs
- Ability to fix code and work directly with developers