Head of Application Security

**Job Title**:
**Head of Application Security**

**Location: West Midlands**

**Duration: Permanent**

**Salary: £75,000- £90,000**

My client is looking for

**Primary Responsibilities:
- Defining developer secure coding practices and ensuring that developers and QA/test personnel are trained with the appropriate level of security knowledge to perform their daily activities;
- Improving and maintaining secure development standards;
- Managing penetration testing services, including delivering a continuous penetration testing programme and driving remediation;
- Supporting supplier security activities to ensure third-party software development meets company security standards;
- Integrating threat modelling practices into the product/software development lifecycle;

**Key Dimensions**:

- The role holder must be able to work with and influence developers, suppliers, QA/test, and Project/Programme delivery colleagues across the whole company eco system. Strong leadership skills and effective management of highly technical individuals is critical.
- Excellent verbal and written communication skills, including experience speaking to leadership and technical colleagues, and writing technical documents

**Professional Experience**:

- Familiarity with waterfall and agile development processes, and experience of integrating secure development practices into both methods.
- Ability to work at senior level and ensure that tactical activity supports the strategic picture.
- Commercial experience from product selection through to vendor relationship and service management.
- Agility of thought and comfort with complexity, together with the patience and resilience to overcome change inertia.
- The will to succeed in support of the business' goals and to align potentially competing agendas to effectively manage cyber security risk within the business risk appetite.
- Familiarity with a variety of development and testing tools (SAST and DAST), for example; Visual Studio, Tenable/Nessus, Git, Azure DevOps Pipelines, SonarQube.
- Ability to explain vulnerabilities and weaknesses described in commonly used frameworks, for example; OWASP Top 10, WASC TCv2, and/or CWE 25 to any audience, and to discuss effective defensive techniques.
- Familiarity with industry standards and regulations e.g.; PCI, ISO27001, NIST, etc
- Preferred or willing to work towards recognised security related qualifications (e.g. CISM, CISSP).

If you are interested in the

**, **or call
**Jeremy** at Akkodis on
**0121 214 6198 **for further information.

Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers.