• Application Security Lead

    Requisition ID 2462733
    Job Family PL-Krakow
  • Posting Description



    A key task over the next year or two is integrating security testing into DevOps. Required experience includes automating security testing at scale by building and implementing static and dynamic analysis tools and integrating security into the software development lifecycle.

    • Responsible for managing the security assessment queue and conducting application security assessments such as Static & Dynamic Analysis
    • Provides management oversight to the Application Security team
    • Responsible for the overall execution of the plans and procedures related to Application Security for Aon
    • Manage the relationship with third-party vendors providing services to support application security assessments
    • Oversee reporting that will provide analytics and metrics to Cybersecurity leadership
    • Must be competent to work at a high technical level in Web, Thick Client, Mobile and Web Services application penetration testing, and be capable of identifying security vulnerabilities, developing documentation, driving remediation and working with others to assist education on the secure software development lifecycle.
    • Assess applications and threat landscape
    • Find creative solutions to complex security problems
    • Teach/train application engineers on advanced security concepts and provide remediation guidance
    • Assist in the development of the application security defender program
    • Provide and support implementation of business solutions
    • Support governance and compliance audits relative to PCI, HIPAA, SOX and other regulations
    • Help with incident response when needed


    Qualifications and Skills:

    • 5+ years of experience working in Application Security and performing static & dynamic analysis
    • Advanced level knowledge of at least one common compiled language (e.g., C, C++, Java, .NET) and one scripting language (e.g., Perl, Bash, Python, Ruby)
    • Advanced level knowledge of JavaScript, HTML
    • Advanced level understanding of encryption and hashing algorithms
    • Advanced level understanding of OWASP TOP 10 and SANS TOP 25 vulnerabilities
    • Intermediate level web programming ability (e.g., ASP.NET, PHP, Perl CGI or Java)
    • Familiarity with BurpSuite, IBM AppScan, OWASP ZAP
    • Basic understanding of common internet protocols at the application, transport and network layers (e.g., HTTP, FTP, SSH, SMTP)
    • Basic understanding of XML, SOAP and AJAX
    • Excellent written and oral communication skills
    • Strong work ethic with the ability to effectively multitask in a fast-paced environment


    We offer:

    • The best medical cover on the market with free dental care
    • Generous benefits package for your wellbeing (multisport cards, insurance, vouchers, and many more!)
    • Stability of employment and permanent contract after trial period
    • Brand new office supporting collaboration, flexibility and activity-based working
    • Internal career opportunities and individual development plan
    • Unique workplace culture - we value openness, honesty and authenticity, so don’t expect a formal dress code or managers hidden behind closed doors
    • Lots of social events, charity actions and opportunities to integrate with colleagues


    Please attach CV in English only.


