BAT is evolving at pace into a global multi-category business. We are on a mission to decrease the health impact of our industry.
To achieve our ambition, we are looking for colleagues who are ready to Be The Change. Come, join us on this journey!
British American Tobacco Poland has an exciting opportunity for an Application Security Engineer in Warsaw.
The role will be responsible for operationalizing and delivering security engineering requirements as directed by the Global Head of Security Architecture & Engineering. Partnering with the broader Digital Business Solutions (DBS) organization, you will play a crucial role in ensuring the security and integrity of our organization's applications and software systems.
You will work closely with development teams, architects, and other partners to identify and mitigate security vulnerabilities, conduct security assessments, and implement standard methodologies to protect our applications from potential threats.
Your expertise in secure coding practices, vulnerability assessments, and secure design principles will be essential in maintaining the security posture of our applications.
Your key responsibilities will include:
- Conducting security assessments and penetration testing to identify vulnerabilities, weaknesses, and risks. Using tools and techniques to analyze security posture and provide remediation recommendations.
- Reviewing application source code for security flaws and coding best practices, addressing issues like input validation, authentication, and insecure data storage.
- Monitoring and managing application vulnerabilities by staying updated on patches, upgrades, and fixes. Collaborating with development teams for timely remediation.
- Working with development teams to integrate security requirements and standard processes into design and development. Providing guidance on secure architecture and coding techniques.
- Assisting in incident response for security breaches, identifying root causes, containing impact, and facilitating recovery.
- Promoting security awareness by training development teams on secure coding practices, policies, and procedures.
- Ensuring compliance with security standards, industry regulations, and legal requirements. Keeping up with evolving standard methodologies and integrating them into development.
- Evaluating, implementing, and managing security tools like static code analysis, DAST, and SCA tools. Automating security testing where applicable.
- Collaborating with developers, architects, QA, and operations teams to address security concerns and integrate measures throughout the application lifecycle. Communicating risks effectively to technical and non-technical partners.
What are we looking for?
- Application Development: Experience in software development with knowledge of various programming languages, frameworks, and methodologies.
- Security Testing & Assessments: Hands-on experience with security testing, including static code analysis, DAST, and IAST. Experience in security assessments and vulnerability scanning.
- Secure Coding Practices: Practical experience in secure coding and applying security controls throughout the software development lifecycle.
- Incident Response: Exposure to security incident response and experience in handling and mitigating application security incidents.
- Technical / Functional Skills:
  - Threat Modelling: Ability to perform threat modelling to identify potential security risks and vulnerabilities.
  - Vulnerability Management: Proficiency in identifying, analysing, and mitigating application vulnerabilities.
  - Secure Code Review: Strong ability to review source code for security flaws using manual and automated techniques.
  - Security Tools: Familiarity with security testing tools like SAST, DAST, and security scanning tools.
  - Security Standards & Frameworks: Knowledge of industry standards like OWASP, NIST SP 800-53, and CERT Coding Standards.
What do we offer you?
• We offer a market-leading annual performance bonus (subject to eligibility)
• Our range of benefits varies by country and includes diverse health plans, initiatives for work-life balance, transportation support, and a flexible holiday plan with additional incentives
• Your journey with us isn't limited by boundaries; it's propelled by your aspirations. Join us at BAT and become a part of an environment that thrives on internal advancement, where your career progression isn't just a statement – it's a reality we're eager to build together. Seize the opportunity and own your development; your next chapter starts here.
• You'll have access to online learning platforms and personalized growth programs to nurture your leadership skills
• We prioritise continuous improvement within a transformative environment, preparing for ongoing changes
WHY JOIN BAT?
We’re one of the few companies named as a Global Top Employer by the Top Employers Institute – certified in offering excellent employee conditions.
Collaboration, inclusion and partnership underpin everything we do here at BAT. We are looking forward to enabling every individual to thrive, regardless of gender, sexual orientation, marital or civil partnership status, gender reassignment, race, religion or belief, colour, nationality, ethnic or national origin, disability, age, skills, experience, education, socio-economic and professional background, veteran status, perspectives and thinking styles. We know that embracing talent from all backgrounds is what makes us stronger and best prepared to meet our business goals.
We see career breaks as opportunities, not obstacles. Through The Global Returners program, we support professionals looking to restart their careers after an extended absence from the workforce (e.g. time out caring for family, parental leave, national service, sabbatical and/or starting their own venture).
Come bring your difference and see what is possible for you at BAT. Learn more about our culture and our award-winning employee experience here.
If you require any reasonable adjustments or accommodations to help you perform at your best during the recruitment process, you are encouraged to notify us. We are fully committed to supporting you by making appropriate arrangements for you to demonstrate your full potential.