Application Security Engineer Job In London

Application Security Engineer - Accruent
  • London, England, United Kingdom
  • via J-Vers.com
Job Description

Personal development and becoming the best you is all about growth and exploring new skills and opportunities – both in and out of the office. At Accruent, we call this Grow Without Limits, and we’re proud to offer each of our employees the resources, coaching and support necessary to achieve Growth Without Limits in their personal and professional lives. Explore where the path takes you.

Why you want to work for our Security team:

The Application Security Engineer will be a core team member owning application security consultation across the entire security program, which encompasses three Operating Companies under the Facility and Asset Lifecycle (FAL) portfolio at Fortive. These three operating companies are Accruent, Gordian, and ServiceChannel. The Application Security Engineer will work with the Application Security Manager to drive security programs around secure product development and secure application development, and will be responsible for the security of any internal or external solutions or products. They will be highly embedded as a partner to the engineering and technology organizations at all three operating companies, driving security review, awareness, training, and security risk management activities with team members!

The Application Security Engineer will also look strategically to standardize secure product and secure application processes and tools, and to develop governance and policy in collaboration with the Application Security Manager. They will be responsible for developing security metrics and performance indicators, ensuring partner awareness of the above, and driving continuous improvement activities, ad hoc kaizen activity, and deepening leadership awareness of product and application security risks. They will work closely across the three operating companies with engineering leadership and developers on all of the above.

The position will be an individual contributor position reporting directly to the Application Security Manager of Fortive’s FAL Group and will be a 100% remote work opportunity.

How you'll make a difference:

  • Assure all new products and services are designed in alignment with security standard processes, while assessing and driving security enhancements across existing solutions.
  • Own the code vulnerability mitigation approval process working closely with developers and engineering leaders consulting on remediation efforts as aligned with the Application Security Manager.
  • Be the security team’s point of contact to the engineering organizations to vet security architectural changes, code design modifications, secure code, and release reviews.
  • Run tactical vulnerability intake meetings as needed with developers and engineering leaders.
  • Be a leader with vision in every aspect of the application and product security program deepening relationships of trust with engineering, technology, and product team members to ensure the success of the application security program.
  • Establish repeatable metrics to show the health of the application security program and establish security standard processes where gaps exist and partner with peers on the security team alongside the business to close those gaps.
  • Be an authority across all topics pertaining to the application security program being able to provide guidance and consultation on any related topic with any team member regarding raised security risks, technical implementations, or moving security earlier in collaborator processes and projects.
  • Understand Fortive’s security program goals clearly, ensure that the Operating Company security approach is aligned with Fortive’s security program, and work with Fortive security if any discrepancies or prioritization misalignments exist.
  • Provide Fortive security with vital feedback about FAL OpCo security concerns and ensure that the Fortive security program aligns with the security needs and prioritization of the FAL operating companies.
  • Be the point of escalation for product and application security alerts working alongside peers on the security team to triage alerts and owning the accountability for action against those alerts.
  • Be able to assess vulnerabilities and product related security incidents with upstream and downstream security controls in mind and properly prioritize remediation efforts.
  • Ensure security testing and validation efforts for all client-facing products and services.
  • Be a champion for risk based thought, culture, and drive the maturation of the product and application security risk management posture across the organization.
  • Stay up to date with innovative and creative approaches to product and application security particularly with solutions which have material effects on SaaS and Data companies.

What you bring to the table:

  • 5+ years as a software developer in a SaaS company with a focus in secure development with demonstrated success in Enterprise, SaaS, and/or Software products.
  • BS degree or equivalent experience in Computer Science, Engineering, Mathematics.
  • Demonstrable experience in application security as a developer both in implementing code and in reviewing code for secure practices and remediating security vulnerabilities.
  • Proven development background using Java and/or .NET.
  • Strong knowledge of secure development practices, code signing, and threat modeling.
  • Solid understanding of OWASP Top Ten, OWASP ASVS, OWASP LLM, OWASP SAMM, and OWASP Mobile Application Security concepts.
  • Demonstrable understanding of SAST, DAST, Software Composition Analysis (SCA).
  • Solid background in standard methodologies for SaaS and Data companies around application and product security and familiarity with CI/CD industry standard processes.
  • Familiar with generation of Software Bill of Materials (SBOM).
  • Familiar with application security tools such as Veracode, Fortify, Burp Suite, Snyk, SonarQube, or similar tools and operational experience using the above.
  • Familiarity with common security libraries, security controls, and common security flaws.
  • Experience with application penetration test engagements with external providers and developing rules of engagement aligned with test requirements.
  • Superb communication skills, with the ability to lead meetings and work effectively with diverse teams.
  • Strong problem-solving skills, with the ability to address security vulnerabilities and identify effective solutions while bringing knowledge of current security threats, trends, and mitigation strategies.
  • Relevant certifications in security (e.g., CISSP, CSSLP, GWAPT) are a plus.
  • Ability to influence and achieve results via accountability and negotiation and creative problem solving.

We believe everyone can bring something incredible to the table with each of our unique experiences and personal skillset. We encourage you to apply for roles that interest you, even if you don’t believe you have the exact experience we’re looking for, or your background doesn’t match the job description perfectly. If you are courageous, adaptable, and love being part of an extraordinary team, we want to hear from you!
