Lead Application Security Engineer
Posted 7 hours 24 minutes ago by Rightmove
Location: London Soho Square - Hybrid (with 2 days a week in the office)
Reporting to: Chief Information Security Officer
Business Unit: Security - General
The role
The role will sit within the Information Security team and focus on guiding and supporting the development teams to deliver secure solutions for Rightmove's users and partners. Your input will help improve security all the way through our SDLC, and support our objectives to make everyone believe that they can make their move. No two days at Rightmove are the same however(!), and you'll also be working closely with Infrastructure, Compliance, Legal and Data Protection teams to ensure Rightmove's security requirements are being met, and incidents are responded to effectively.
What you'll be doing
- Providing technical leadership and acting as a subject matter expert on application security best practice.
- Providing security training and guidance to engineering teams to help them embed security into the software development process.
- Deploying and configuring application security testing tools (SAST, DAST etc.), and where possible integrating these with CI/CD pipelines and other DevOps tools.
- Assessing vulnerability reports from internal tools, penetration tests and external bug submissions.
- Owning vulnerability management across our application estate, triaging issues and findings, and prioritising and tracking remediation work.
- Ensuring Rightmove applications comply with security standards, industry best practices and relevant regulations.
- Running threat modelling workshops to discover, analyse and mitigate potential security risks and attack vectors for new features and applications before they are developed.
- Assisting in the investigation and resolution of security incidents related to applications.
- Writing custom applications and scripts to augment our existing information security toolset.
- Working with team members and external partners on penetration tests and red team engagements to assess our security posture, along with our detection and recovery capabilities.
- Supporting your team members by actively removing blockers.
- Has proficiency in multiple programming languages and a strong understanding of secure coding practices.
- Has an extensive knowledge of web application architectures, common security vulnerabilities (e.g. OWASP Top 10, SANS CWE Top 25 etc.) and application development standards (e.g. OWASP ASVS).
- Is familiar with cloud technologies, DevOps principles and security tools like Burp Suite, OWASP ZAP and SAST/DAST/SCA scanners.
- Can manage their own workload, making decisions on what tasks need to be prioritised.
- Is confident to communicate and collaborate with internal and external stakeholders, either individually or in group settings, and across a variety of levels of seniority and technical understanding.
- Can reach decisions, even if they are difficult, and is able to provide a clear explanation of the rationale and approach taken.
- Follows through on commitments and can be relied upon to get things done.
- Is proactive, hands on and wants to make things better.
- Minimum of 5 years working in software engineering, with a strong focus on web application security.
- A passion for information security and a drive to keep learning and developing experience with new and emerging technologies.
- Deep knowledge and understanding of common web application security vulnerabilities and best practices.
- Hands on experience with security tools like SAST, DAST and SCA.
- Familiarity with cloud environments (especially GCP), containers and microservices.
- Proficiency with automating security controls within CI/CD pipelines.
- Ability to explain complex application security concepts to developers, and also to stakeholders with different levels of experience and understanding.
- Understanding of relevant regulations (such as GDPR).
- Strong communication skills and ability to collaborate effectively with engineers and promote secure by default practice.
- Report writing and note taking skills.
- Ability to prioritise both operational and project demands.
- Ability to handle high pressure situations in a productive and professional manner.
Our vision is to give everyone the belief that they can make their move. We aim to make moving simpler, by giving everyone the best place to turn to and return to for access to the tools, expertise, trust and belief to make it happen.
We're home to the UK's largest choice of properties, and are the go to destination for millions of people planning their next move, reading the latest industry news, or just browsing what's on the market.
These values reflect our culture:
- We create value by delivering results and building trust with partners and consumers.
- We think bigger by acting with curiosity and setting bold aspirations.
- We care deeply by being real, having fun and valuing diversity.
- We move together by being one team - internally collaborative, externally competitive.
- We make a difference by focusing on delivering measurable impact.
We believe in careers that open doors and help our team develop by providing an open and inclusive work environment, offering ongoing training opportunities and supporting charity fundraising events. With 88% of Rightmovers saying we're a great place to work, we're clearly doing something right!
What we offer
- Cash plan for dental, optical and physio treatments.
- Private Medical Insurance, Pension and Life Insurance, Employee Assistance Plan.
- 27 days holiday plus two (paid) volunteering days a year to give back, and holiday buy schemes.
- Hybrid working pattern with 2 days in the office.
- Contributory stakeholder pension.
- Life assurance at 4x your basic salary to a spouse, family member or other nominated person in your life.
- Competitive compensation package.
- Paid leave for maternity, paternity, adoption and fertility.
- Travel Loans, Bike to Work scheme, Rental Deposit Loan.
- Charitable contributions through Payroll Giving and donation matching.
- Access deals and discounts on things like travel, electronics, fashion, gym memberships, cinema discounts and more.
As an Equal Opportunity Employer, Rightmove will never discriminate based on age, disability, sex, race, religion or belief, gender reassignment, marriage / civil partnership, pregnancy/maternity or sexual orientation. At Rightmove, we believe that a diverse and inclusive workforce leads to better innovation, productivity and overall success. We are committed to creating a welcoming and inclusive environment for all employees, regardless of their background or identity, to develop and promote a diverse culture that reflects the communities we serve.
By applying, you confirm that you've read and understood our Privacy Policy, which explains how we handle and protect your personal information during the recruitment process.