Senior Application Security Engineer

Company Description

Experian is the world’s leading global information services company. During life’s big moments — from buying a home or a car to sending a child to college to growing a business by connecting with new customers — we empower consumers and our clients to manage their data with confidence. We help individuals to take financial control and access financial services, businesses to make smarter decisions and thrive, lenders to lend more responsibly, and organizations to prevent identity fraud and crime.

We have 17,800 people operating across 44 countries, and every day we’re investing in new technologies, talented people and innovation to help all our clients maximize every opportunity. We are listed on the London Stock Exchange (EXPN) and are a constituent of the FTSE 100 Index.

Learn more at www.experianplc.com or visit our global content hub at our global news blog for the latest news and insights from the Group

Experian is the world’s leading global information services company. During life’s big moments — from buying a home or a car to sending a child to college to growing a business by connecting with new customers — we empower consumers and our clients to manage their data with confidence. We help individuals to take financial control and access financial services, businesses to make smarter decisions and thrive, lenders to lend more responsibly, and organizations to prevent identity fraud and crime.

We have 17,800 people operating across 44 countries, and every day we’re investing in new technologies, talented people and innovation to help all our clients maximize every opportunity. We are listed on the London Stock Exchange (EXPN) and are a constituent of the FTSE 100 Index.

Learn more at www.experianplc.com or visit our global content hub at our global news blog for the latest news and insights from the Group

Job Description

We are seeking an experienced Application Security Engineer to enhance our application security processes with a strong emphasis on business engagement. This role requires excellent communication skills to effectively interact with business unit leaders and executives. The ideal candidate will be responsible for static, SCA, and dynamic scanning, collaborating with software engineers, provide flaw mitigation recommendations, and implementing automated security controls throughout the development lifecycle and CI/CD pipelines. Ensure the Software Security Policy and Baseline requirements are met for new agile deliveries and for legacy estate with flaws and issues managed effectively throughout all stages of an applications' life. 

Reporting Relationship  

Reports to the Manager of Application Security  

Key Responsibilities 

• Collaborate with software engineers and leadership to address security risks and provide mitigation recommendations within the Secure Development Lifecycle (SDLC).  

• Work closely with development teams to understand their needs and the risk profile for each application and customize solutions to meet the needs of the application  

• Collaborate on the implementation and management of SAST, SCA, DAST, and other scanning solutions to provide coverage for the application portfolio   

• Guide development teams through a review of their applications and risks against common application flaws (e.g., OWASP Top 10) and provide prioritized visibility to senior management along with context 

• Operate as an advocate for Security in interactions with internal and external teams  

• Work with Risk & Compliance teams on audits (e.g., SOC 2, PCI-DSS, HIPAA) and recommend relevant Application Security policy and procedures 

• Actively contribute to internal and external/client audits, ensuring compliance with security standards 

• Lead projects to implement security technologies enterprise-wide 

• Integrate 3rd party and build custom solutions into our CI/CD pipelines and development cycles.  

• Define security guardrails through automated tool policies, SLAs, custom rules, and support the developer community  

• Support the enterprise in managing vulnerabilities through automated tooling and security assessments  

• Work with Security Champions to build relationships and ensure key activities are supported and deliverables are achieved in a timely manner.  

• Support education and awareness strategy rollout for Development community.  

• Support the AppSec technical team in maximizing effective relationship with Business Units 

•  Explore and engage in process improvement initiatives to enhance application security 

Qualifications

Position Requirements  

Education & Certification  

• Four-year college diploma or university degree in computer science or computer engineering, and/or 5 years equivalent work experience in application development.  

• CSSLP certification preferred.  

• Additional certifications in Application Testing Mechanisms are a plus.  

Knowledge & Experience  

• 5+ years direct experience in enterprise-level application security.  

• Proficiency with SAST, SCA, DAST, IAST, RASP tooling. 

• Experience in AppSec or DevSecOps. 

• Experience with CI/CD pipelines and cloud-based architectures. 

• Proven experience in overseeing the linking of cross-functional applications between disparate business units and systems.  

• Experience with business and technical requirements analysis, business process modeling/mapping, methodology development, and data mapping.  

• Strong understanding and background in MITRE, OWASP, SafeCode, risk management methodologies as they relate to integration/software testing.  

• Good project management skills and/or substantial exposure to project-based work structures, project lifecycle models, etc.  

• Strong understanding of end-user needs and requirements.  

• Excellent understanding of the organization’s goals and objectives.  

• Knowledge of cloud and GenAI security is an advantage. 

Personal Attributes  

• Exceptional oral and interpersonal communication skills.  

Additional Information

Additional Information

Why choose us?

Our colleagues’ health and wellbeing are a top priority for us, that’s why our reward, benefits and wellbeing programmes are designed so you can come to work feeling your very best self. Our benefits focus on health, money, and lifestyle so you can tailor your benefits to your own personal needs. Whether it’s your physical and mental wellness, getting to work or preparing for the next big milestone in your life, we have a range of flexible options to have you covered!

To learn more about our culture and what it’s really like to work here, check out our interactive guide here: https://view.pagetiger.com/experianguideforcandidates/1

Could this be the role for you? Apply now to start your journey with Experian.

Experian Careers - Creating a better tomorrow together

Find out what its like to work for Experian by clicking here