The primary role of the Security Advisor is to work alongside Product teams to educate and enable them to take responsibility for the security of their products. You’ll contribute to improving security culture and capability, enable our teams to ship secure features and offer advice about security to the wider business.
What you’ll do
- Improve the security capability inside the Product teams and the wider business by providing security advice aligned to best practice.
- Actively engage with Product teams and the wider business to educate and empower these teams to take responsibility for the security of their products. Work with and grow the Security Champions across the company, to create a culture of best practice across the business in relation to security.
- Be highly visible and accessible to members of the product team and the wider business through regular & active engagement with Product teams throughout the product development lifecycle.
- Assist in the development of security awareness materials and training for all staff.
- Identify the security training needs of teams company-wide and deliver training to address those needs to help build and develop the security capability & awareness across the business.
- Work with Product teams and wider business to help connect them to the right SME within the security practice based on questions and queries that may arise as part of your regular engagements with these teams.
- Help make the security team a trusted partner for other technical teams by providing timely and constructive advice to Product teams & wider business.
- Work alongside Product teams to remove any security blockers or gates from product delivery by matching the lean and agile practices these teams follow. Enable the Product team to deliver secure software by proactively being involved in the development of the product and providing trusted advice to these teams.
- Help foster a culture of security across the company, with particular emphasis on the technical teams (including CDO and Internal IT).
Success looks like
- Product teams are engaging with the Security Advisory team throughout the product development lifecycle to ensure they are shipping secure software.
- Security Champions have been identified and upskilled and are taking a proactive role in contributing to the Product team’s development practice. Technical teams consider that the Security team is accessible and empowers them to deliver secure product.
- Artificial security gates and unnecessary blockers have been removed from product delivery.
- Product teams & the wider business have increased awareness and education of the importance of security and engage the Security team early in their planning and delivery of their product.
- Appropriate security training is in place across the company and feedback from business stakeholders about the quality of training is positive.
What you'll bring with you
- 3 or more years working in the information security field
- Working knowledge of web applications, common web application vulnerabilities and web application penetration testing
- Working knowledge of secure development processes in an Agile/DevOps environment
- Good grasp of modern software development practices and lifecycle
- Experience of working with software development and/or other teams using Lean-Agile techniques
- Excellent written and verbal communication skills with the ability to interact with a variety of individuals at different levels
- Excellent stakeholder management
- Ability to juggle many tasks and projects in a fast-moving environment
- Ability to work independently with minimal direction
- A drive to take ownership of problems and solve them
- Good stakeholder management skills
- Creates a collaborative environment and empowers others.
- An innovative and positive team player with a “can do” attitude.
- Has initiative and a passion for all things security and a willingness to go the extra mile