Roles/Responsibilities
- 12-month contract with potential for extension.
- Hybrid role (1-2 days onsite per week).
- Monitor and manage application security vulnerabilities identified via penetration tests, SAST, DAST, and other sources, ensuring timely resolution within defined SLAs.
- Triage vulnerabilities to determine whether they require action or can be marked as false positives, documenting the justification for each decision.
- Collaborate with penetration testing providers to ensure tests are conducted in a timely manner and results are actionable.
- Serve as a liaison with the group security team to maintain a single source of truth for vulnerabilities and resolve disputes regarding false positives.
- Design and implement security enhancements for APIs and web applications developed in Node.js and Vue.js.
- Maintain and refine software application security policies and procedures to align with best practices.
- Provide technical guidance to the Solution Delivery team to ensure security best practices are embedded throughout the software development lifecycle.
- Report on the security posture of the Solution Delivery team to steering groups, including providing remediation targets and justifications.
Skills/Experience
- 5+ years of experience as a Web Application Developer with a focus on secure development practices.
- Proficiency in secure REST/JSON API development and Node.js.
- Strong understanding of web technologies (JavaScript frameworks like Vue.js or Angular, HTML, CSS) and the associated security considerations.
- Familiarity with OWASP Top 10 and other security frameworks.
- Proven experience in triaging and remediating third-party dependency vulnerabilities (e.g., via npm).
- Hands-on experience with tools for static (SAST) and dynamic (DAST) application security testing.
- Knowledge of HTTP and API security concepts, including common vulnerabilities and their mitigations.
- Experience in software project lifecycles using DevOps methodologies and tools like Git, Jira, and Confluence.
- Experience working with penetration testing teams and understanding the penetration testing process.
- Excellent communication skills to liaise with technical teams and articulate findings to non-technical stakeholders.
Non-Technical Skills
- Highly motivated, enthusiastic, and capable of working both independently and collaboratively in a team-oriented environment.
- Exceptional analytical and problem-solving skills, with attention to detail and a business-focused approach.
- Strong interpersonal skills, with the ability to influence technical decisions and communicate effectively in a fast-paced environment.
- Demonstrated creativity and resourcefulness in presenting solutions to complex security challenges.
Morgan McKinley is acting as an Employment Agency and references to pay rates are indicative.
BY APPLYING FOR THIS ROLE YOU ARE AGREEING TO OUR TERMS OF SERVICE WHICH TOGETHER WITH OUR PRIVACY STATEMENT GOVERN YOUR USE OF MORGAN MCKINLEY SERVICES.