IT Operations Specialist I - AppSec DevSecOps in Farnborough

The AppSec / DevSecOps Engineer is responsible for ensuring the security of code development processes and applications, with a focus on both traditional and AI-driven solutions. This position will work closely with internal IT teams, internal customers, and external vendors, contributing to robust security practices and risk management across the organization.

Responsibilities

• Define and implement security testing strategies for AI solutions, utilizing both grey box and black box methodologies.
• Grey Box Testing: Conduct Static Application Security Testing (SAST), dependency scanning, secrets scanning, Infrastructure as Code (IaC) scanning, and configuration reviews.
• Black Box Testing: Perform Dynamic Application Security Testing (DAST), API fuzzing, authentication testing, and rate-limit tests.
• AI-Specific Security Tests: Execute prompt injection checks, jailbreaking resistance assessments, tool misuse evaluations, and leakage tests tailored for AI applications.
• Review remediation efforts and verify fixes prior to production deployment.
• Conduct thorough risk assessments of new and existing applications, identifying vulnerabilities and security gaps.
• Analyze and interpret security assessment findings, providing actionable recommendations to mitigate risks.
• Collaborate with software development teams to implement security best practices and ensure secure coding standards.
• Stay current with emerging threats, vulnerabilities, and industry trends, integrating this knowledge into risk assessment processes.
• Participate in security reviews to evaluate and validate the effectiveness of security controls.
• Provide technical guidance and support for incident response efforts related to application security incidents.
• Review and validate contracts, Statements of Work (SOW), and Data Processing Agreements (DPAs).

Qualifications

• Accredited four (4) year degree or global equivalent in applicable field of study and five (5) years of work-related experience or a combination of education and directly related experience equal to nine (9) years if non-degreed; some locations may have additional or different qualifications in order to comply with local requirements.
• Ability to communicate effectively with audiences that include but are not limited to management, coworkers, clients, vendors, contractors, and visitors.
• Job related technical knowledge necessary to complete the job.
• Ability to learn and apply knowledge of applicable local, state/province, and federal/national statutes and guidelines.
• Bachelor's degree in Computer Science, Information Technology, or a related field.
• Experience with security testing tools and methodologies (SAST, DAST, dependency scanning, API fuzzing, etc.).
• Familiarity with AI security concerns, including prompt injection and jailbreaking resistance.
• Strong understanding of secure coding practices and application risk assessment.
• Effective communication and collaboration skills for working with cross-functional teams and external partners.
• Ability to develop and maintain technical documentation, policy standards, and runbooks.
• Proven experience (5 years) as an IT Security Analyst or similar role, with a focus on application security, Azure Active Directory, conditional access policies, and single sign-on (SSO) configurations.
• Ability to effectively adapt to rapidly changing technology and apply it to business needs.
• Demonstrated strong technical and non-technical communication skills, both oral and written.
• Strong team-oriented interpersonal skills.
• Proficiency in scripting or programming languages (e.g., Python, JavaScript, Java) is a plus.
• Excellent communication skills to convey complex technical concepts to non-technical stakeholders.
• Strong problem-solving skills.
• Strong organizational skills and attention to detail, especially concerning note-taking when evaluating applications and attending meetings.
• Organize and prioritize a variety of projects and multiple tasks in an effective and timely manner, set priorities, and meet deadlines.

Benefits

Fluor is proud to offer a comprehensive benefits package designed to promote employee health, wellness, and financial security. Our offerings include medical, dental and vision plans, EAP, disability coverage, life insurance, AD&D, voluntary benefit plans, 401(k) with a company match, paid time off (personal, bereavement, sick, holidays) for salaried employees, paid sick leave per state requirement for craft employees, parental leave, and training and development courses.