APPLICATIONS SECURITY ANALYST – NSSA 41 views

Key Responsibilities

• Guides and defines application security policies and standards by interpreting OWASP, ISO 27034 and SafeCode requirements, deciding on compliance expectations for development teams, and liaising across ICT and business units to ensure applications consistently meet Authority security obligations. Secure Design, Architecture & Threat Modelling.
• Influences application design decisions by driving the integration of secure-by-design principles, leading threat modelling exercises, advising architects and developers on secure patterns, and ensuring proposed solutions appropriately address application-level risks.
• Oversees and conducts comprehensive security assessments of applications, APIs and integrations by leading vulnerability analysis, code reviews and penetration testing efforts, and deciding on prioritized remediation paths based on risk severity.
• Leads application-related incident response by analysing security events, liaising with operations teams during containment, guiding investigative actions, and ensuring documentation and reporting align with CDPA and internal incident handling procedures.
• Drives the application vulnerability management lifecycle by evaluating identified weaknesses, guiding technical teams on mitigation steps, defining remediation timelines, and ensuring application environments adhere to secure configuration requirements.
• Guides and oversees enforcement of application-level access controls, deciding on role-based access issues where needed, liaising with system owners to mitigate identity-related vulnerabilities, and ensuring secure authentication and authorisation for APIs and integrations.
• Guides the selection and configuration of application security controls including DLP, endpoint protections, WAF rules, API security controls, and secure application settings ensuring systems processing Authority data comply with approved security procedures.
• Provides leadership and direction to the Application Security Specialist by assigning assessment tasks, reviewing outputs, mentoring on secure development practices, and ensuring the team executes application security activities to required standards.
• Drives secure coding maturity by liaising with internal and external development teams, delivering targeted awareness programmes, guiding developers on secure coding patterns, and shaping a culture of application security within the SDLC.
• Prepares and presents application security assessment reports, risk dashboards, and compliance updates to ICT Management, ensuring decisions about application risks are informed, timely, and aligned with Authority policies and procedures.

Requirements

• Degree in Computer Science, Information Systems, Software Engineering or equivalent.
• Professional security certifications such as CSSLP, GIAC GWEB, GIAC GWEB, OSWE, OSCP, ISO 27034, or equivalent are desirable.
• A minimum of 5 years’ experience in application security, software security, software development.

How to Apply