Application Security (AppSec) Engineer bei AND Digital

Who We Are
AND Digital is a tech company dedicated to accelerating digital delivery and closing the digital skills gap. Since 2014, we have supported organisations in building better digital products and stronger digital teams.
We believe our work should always create a remarkable impact for our clients. Through our regional offices, known as ‘Clubs,’ we build strong relationships with our partners, ensuring they are prioritised by teams located nearby.
This unique model has driven success for both our clients and ourselves, reflected in our remarkable organic growth since 2014. Today, we are over 1,300 people strong, with Clubs across the UK, Europe, and the USA—and plans for global expansion in the coming years.
Join us and help fulfil our mission to close the world’s digital skills gap.

The Role: Application (AppSec) Security Engineer

We are seeking an experienced and proactive Application Security Engineer to join our SecOps team. The team is responsible for maintaining the AND wide Security Champion program, responding to security threats and incidents, improving AND security posture, fulfilling compliance requirements and supporting improving AND’s business platforms security posture. The ideal candidate will be a technical specialist with a passion for securing applications across the full development lifecycle. This role is a key part of our commitment to enhancing security posture and will focus on managing and improving the security of a diverse set of applications, from commercial off-the-shelf products to our own internally developed services. You'll be a self-starter who is eager to drive change and continuously develop your skills in a dynamic environment.

Key Responsibilities : 

• Application Management: Take ownership of the security of core technical applications, including Gitlab, Atlassian products (Jira, Confluence), and other niche, internally built services.
• Compliance & Audits: Aid in the preparation for, and contribute to, internal and external audits, particularly in relation to the ISO:27001 standard.
• Security Champion Programme: Develop and maintain content and training materials for the security champion programme, providing guidance and support to development teams to foster a culture of security.
• Policy & Process Contribution: Actively contribute to the creation, distribution, and continuous improvement of internal security policies and processes.
• Vulnerability Management: Identify, triage, and manage vulnerabilities within the application landscape, working closely with engineering teams to ensure timely remediation.

Required Experience & Skills

• A minimum of three years of hands-on experience in an Application Security or similar technical security-focused role (SAST, SCA, DAST, IaC etc). We are open to diverse backgrounds.
• Strong understanding of application security concepts, secure development lifecycles (SDLC), and common vulnerabilities and attack vectors (e.g., OWASP Top 10).
• Experience with a range of security tools and technologies.
• Familiarity with compliance frameworks, particularly ISO:27001, is highly desirable.
• Excellent communication skills, with the ability to articulate technical security concepts to both technical and non-technical audiences.

Desired Attributes

• Eagerness to Learn: A demonstrable passion for continuous self-development and staying current with the latest security threats and technologies.
• Coaching and Mentoring: Demonstrates true willingness to upskill and mentor others. 
• Proactive Mindset: A self-starter who can identify opportunities for improvement and take initiative to implement solutions.
• Collaborative Spirit: The ability to work effectively with cross-functional teams and build strong working relationships.
• Problem-Solving: Strong analytical and problem-solving skills, with a methodical approach to security challenges.

Equal Opportunities Statement

We are an equal opportunity employer and welcome applications from all qualified candidates. We actively encourage applications from women, ethnic minorities, and individuals with disabilities. We consider all flexible working arrangements, subject to the requirements of the role. Where reasonable adjustments are needed, we will strive to make changes to accommodate them.