Security Engineer App Sec

The job at a glance  
Join our team and you’ll be responsible for supporting our development teams by integrating security tools with our existing technology stack and CI/CD pipelines, helping remediate Application Security findings, and improving our Web Application Firewall.

Working in the Security department you will identify improvements in our Application Security stack and its integrations, streamline change processes using Infrastructure as Code, and play a key role in Stepstone's Security Champions Programme by delivering sessions, supporting Security Champions, and collaborating on application-specific security needs.

This is so important to us. By joining our team, you will be playing a vital role as together we reimagine the labour market to make it work for everybody.

Your responsibilities 

• Collaborate with cross-functional teams to ensure effective detection, triage, remediation, and continuous improvement of Application Security processes.
• Support developers in the triage and remediation of findings generated by the Application Security Testing (AST) stack, including tools such as SCA and SAST, while driving enhancements across the SSDLC.
• Manage and take ownership of the Web Application Firewall (WAF), resolving issues raised by end users and other business stakeholders.
• Support development teams in onboarding domains, endpoints, and APIs to the WAF, as well as maintaining and optimizing WAF rules.
• Support the Application Security Lead with initiatives within the Security Champions programme and assist development teams with Risk, Threat, and Vulnerability identification through Threat Modelling processes.