Job Details

Application Security Engineer

at Endava

Posted: 7/31/2019
Job Status: Full Time
Job Reference #: ARC00014
Keywords: architect

Job Description

Endava is a public technology company with over 18 years of experience working with some of the world's leading Finance, Insurance, Telecommunications, Media, Technology, and Retail companies. Through its Digital Evolution, Agile Transformation and Automation solutions, Endava helps its clients be more engaging, responsive and efficient by supporting them from ideation to production.

Endava has over 5,000 employees located in offices in North America and Western Europe and delivery centres in Romania, Moldova, Bulgaria, Serbia, Macedonia, Argentina, Uruguay, Venezuela, and Colombia.

Along with investing in long-term customer relationships, Endava recognized the importance of providing rewarding and challenging careers for people and, by doing so, has established itself as the employer of choice in certain regions.

We are seeking a dynamic and highly experienced security architect with outstanding client-facing skills. As a senior architect, you will be taking an active technical leadership role on projects to deliver solutions to our clients, and also be involved in pre-sales efforts and in mentoring Endava technical staff. Candidates will be evaluated on the basis of:
  1. Hands-on technical skills
  2. Client-facing & sales skills
  3. Breadth & length of experience
In this role you must be confident in engaging in a range of conversations with senior client management and technical staff, have the ability to lead discussions and workshops, and have the technical ability to architect, design, and implement complex enterprise solutions.
Endava is a rapidly expanding global organisation, and as such the candidate will be required to travel to work close to clients as well as to interact with our nearshore delivery teams.

Main duties:
Application and Technology Architecture
  • Drafts conceptual and actual application security policy
  • Consults with and leads clients in evolving their application security and/or DevSecOps program
  • Works with client teams to automate security design and/or testing
  • Assists client development teams during product design with a focus on secure software architecture
  • Assists client development teams to promote re-use of secure code templates/functions
  • Advises client development teams during product development to assure compliance with security principles, guidelines, standards, controls, and governance
  • Assists client development teams with a variety of security testing tools (unit testing, SAST, DAST, etc.) and with remediation of security-related test findings
  • Assists client development teams with defining/refining, documenting, and reporting various security-related KPIs throughout the development cycle
  • Shares and articulates security vision with key stakeholders by organizing discussions and formal presentations
  • Participates in working groups of subject matter experts for definition and review of security standards, guidelines, principles, governance, remediations, and controls
  • Actively contributes to and participates in broadening the understanding of security and DevSecOps within Endava
  • Works closely with DevOps engineers to ensure a shared vision across Endava for DevSecOps
  • Provides technical guidance to cross-functional application development teams
  • Contributes to the technology strategy, vision, requirements, and solutions for client engagements
Application Design
  • Consults with application development teams to determine security requirements and for planning and delivering business solutions
  • Consults with application development teams to enable secure software design and to ensure the underlying application infrastructure is properly secured
Process Management
  • Assists in the development of estimates for security projects
  • Contributes to defining timetables and project plans
  • Assists in the definition of milestones and progress tracking


Skills Required:

  • Prior development experience in 2 programming languages
  • Extensive experience in secure software design/architecture
  • Experience with CI/CD pipelines
  • Knowledge of container security and SOAR technologies
  • In-depth knowledge of one or more cloud platforms (e.g. AWS, Azure)
  • Experience automating security testing
  • Experience with best practices related to securing a development pipeline
  • Exposure to Veracode (SAST & DAST) and 3rd party component scanners
  • 6 years of experience in application security
  • Exceptional client-facing communications skills, both written and verbal
  • Expertise with various security and development tools commonly used during the development cycle (e.g. Docker, Jenkins, Puppet, Ansible, Nessus, Veracode, Cucumber, etc.)
  • Very strong analytical skills
  • Experience in pre-sales efforts and running client engagements from a technical perspective
  • Experience with the security issues involved in modernizing legacy software architectures and designing new software
  • Proficiency in creating a broad range of security and other technical documentation
  • Ability to conduct manual code reviews, looking for security flaws
  • Possesses a thorough understanding of the software implementation lifecycle, specifically how security fits into an agile and/or DevSecOps delivery model
  • Bachelor's Degree in a technical discipline or related experience preferred
  • Possesses a working knowledge of programming languages, software design methodologies, and software architecture
  • Experience in developing patches and/or remediating pre-release flaws
  • Thorough understanding of DevSecOps culture, practices, and tools