Role Overview
The Application Security Assurance Specialist is responsible for overseeing the security assurance processes within software development and deployment pipelines across diverse methodologies. This role champions proactive integration, governance, and enhancement of security controls, ensuring the maturity and effectiveness of application security frameworks to safeguard critical business systems.
What you’ll be doing
Security Governance and Integration
- Define and enforce embedded security practices across SDLC and CI/CD pipelines, ensuring compliance with organisational security policies and standard.
- Oversee the integration of advanced security tools (e.g., SAST, DAST, SCA, automated secret scanning) with development environment.
- Provide technical guidance on security configuration management, deployment hardening, and secure integration of tooling across all phases of software delivery.
Application Security Assurance
- Conduct in-depth security risk assessments for high- and low-level technical designs, evaluating compliance against OWASP, CIS Benchmarks, and secure coding standard.
- Perform comprehensive security testing across application environments, including API security, container scanning, and dynamic runtime assessments, while evaluating residual risk post assessment.
Strategic Consultation and Advancement
- Collaborate with stakeholders to assess the security maturity of existing practices and recommend improvements aligned with compliance requirements and delivery velocity.
- Provide expert-level recommendations on refining automation processes, risk mitigation strategies, and deployment of compensating controls where necessary.
- Evaluate emerging technologies and leverage AI-driven application security tools to optimize assurance activities.
Collaboration and Leadership
- Partner with development and DevSecOps teams to embed robust security measures within workflows, ensuring alignment with secure coding standards and organisational priorities.
- Actively engage in training development teams, fostering a culture of security awareness and empowering stakeholders to implement best practice.
- Lead cross‑functional teams to complete security assurance initiatives effectively.
Reporting and Documentation
- Generate actionable reports and presentations tailored to technical and non-technical audiences, highlighting findings, severity assessments, and remediation tracking.
- Maintain clear, auditable documentation for compliance purposes and contribute strategic insights into executive‑level review.
What you’ll bring
- 5+ Years experience in providing technical expertise in managing security frameworks and tools (SAST, DAST, SCA, container security, etc.).
- Advanced knowledge of application lifecycle management methodologies (Waterfall, Agile, DevSecOps, CI/CD).
- Strong understanding of compliance with standards such as OWASP Top 10, NIST CSF, and CIS Controls.
- Demonstrated ability to lead security assurance initiatives across complex development environments.
- Proficiency in designing and executing technical assessments and risk evaluations.
Preferred Qualifications
- Familiarity with AI‑driven application and security testing tools and their integration within pipelines.
- Professional certifications such as CISSP, CSSLP, or similar.
- Experience in development enablement through creation of secure coding frameworks and tools for automated quality assurance.
Success Metrics (6‑12 months)
- Complete security assessments for critical systems within stipulated timelines, ensuring vulnerabilities are resolved collaboratively with development teams.
- Successfully integrate comprehensive security controls into CI/CD pipelines, automating compliance checks.
- Reduce incident response time by identifying and remediating residual risks before go‑live stages.
- Achieve alignment and certification for designated projects against OWASP and CIS standards within established business constraints.
