Application Security Assurance Specialist
Role Overview
The Application Security Assurance Specialist is responsible for overseeing the security assurance processes within software development and deployment pipelines across diverse methodologies. This role champions proactive integration, governance, and enhancement of security controls, ensuring the maturity and effectiveness of application security frameworks to safeguard critical business systems.
What you'll be doing:
Security Governance and Integration
- Define and enforce embedded security practices across SDLC and CI/CD pipelines, ensuring compliance with organisational security policies and standards.
- Oversee the integration of advanced security tools (e.g., SAST, DAST, SCA, automated secret scanning) with development environments.
- Provide technical guidance on security configuration management, deployment hardening, and secure integration of tooling across all phases of software delivery.
Application Security Assurance
- Conduct in-depth security risk assessments for high- and low-level technical designs, evaluating compliance against OWASP, CIS Benchmarks, and secure coding standards.
- Perform comprehensive security testing across application environments, including API security, container scanning, and dynamic runtime assessments, while evaluating residual risk post-assessment.
Strategic Consultation and Advancement
- Collaborate with stakeholders to assess the security maturity of existing practices and recommend improvements aligned with compliance requirements and delivery velocity.
- Provide expert-level recommendations on the refinement of automation processes, risk mitigation strategies, and the deployment of compensating controls where necessary.
- Evaluate emerging technologies and leverage AI-driven application security tools to optimise assurance activities.
Collaboration and Leadership
- Partner with development and DevSecOps teams to embed robust security measures within workflows, ensuring alignment with secure coding standards and organisational priorities.
- Actively engage in the training of development teams, fostering a culture of security awareness and empowering stakeholders to implement best practices.
- Lead cross-functional teams to complete security assurance initiatives effectively.
Reporting and Documentation
- Generate actionable reports and presentations tailored to technical and non-technical audiences, highlighting findings, severity assessments, and remediation tracking.
- Maintain clear, auditable documentation for compliance purposes and contribute strategic insights into executive-level reviews.
What you'll bring:
- 5+ Years experience in providing technical expertise in managing security frameworks and tools (SAST, DAST, SCA, container security, etc.).
- Advanced knowledge of application lifecycle management methodologies (Waterfall, Agile, DevSecOps, CI/CD).
- Strong understanding of compliance with standards such as OWASP Top 10, NIST CSF, and CIS Controls.
- Demonstrated ability to lead security assurance initiatives across complex development environments.
- Proficiency in designing and executing technical assessments and risk evaluations.
Preferred Qualifications
- Familiarity with AI-driven application and security testing tools and their integration within pipelines.
- Professional certifications such as CISSP, CSSLP, or similar.
- Experience in development enablement through the creation of secure coding frameworks and tools for automated quality assurance.
Success Metrics (6-12 months)
- Complete security assessments for critical systems within stipulated timelines, ensuring vulnerabilities are resolved collaboratively with development teams.
- Successfully integrate comprehensive security controls into CI/CD pipelines, automating compliance checks.
- Reduce incident response time by identifying and remediating residual risks before go-live stages.
- Achieve alignment and certification for designated projects against OWASP and CIS standards within established business constra