RealVNC

Applications Security Engineer

Hybrid

Cambridge, United Kingdom

Senior

Full Time

04-03-2026


Skills

Python, Java, SQL, Penetration Testing, Incident Response, Encryption, Burp Suite, DevOps, Monitoring, Security Testing, Training, Architecture, Linux, Operating Systems, Windows, Shell, Software Development, SDLC, C++, Android

Job Specifications

Company

RealVNC is the remote access platform for engineers looking for the most reliable and the most secure solution built by the creators of VNC technology. Over the last 25 years, as the inventors of VNC, we've enabled a global workforce to work wherever works and created the remote access market. Our software is used by hundreds of millions of users worldwide including IT professionals from global companies, such as Intel, IBM, NASA, Shell, DreamWorks and Philips.

Our lead product, VNC Connect, allows users to connect securely to a remote device anywhere in the world, see its screen in real-time, and take control as though sitting in front of it. The product has been deployed across a myriad of use cases, from remote support through to deploying the software onto connected devices such as medical ventilators, set-top boxes, heavy industrial machinery and more.

Backed by leading mid-market private equity firm Livingbridge since 2021, we are investing in our people to support our highly ambitious growth plans. As part of our people strategy to develop our next generation organisation, we are looking to add new team members who are integral to the success of the business and committed to delivering high quality results, collaboration and innovation to help accelerate company growth.

Position

We are seeking a highly skilled Application Security Engineer to join our Cyber Security team, helping to ensure security is embedded throughout the Software Development Lifecycle (SDLC). This role focuses on identifying, analysing, and mitigating vulnerabilities in our applications throughout the development lifecycle. The successful candidate will work closely with security, development and QA teams to ensure robust security practices are embedded in our software delivery process.

Key responsibilities include:

Secure Design & Threat Modelling:

Ensure the foundation is secure from the start by conducting threat modelling and risk assessments during design phases.
Provide security requirements for new features and architecture reviews.

Development & Code Assurance:

Perform secure code reviews and advise developers on CIS Critical Security Controls and OWASP Top 10 compliance.
Collaborate with engineering teams to integrate security into development workflows.

Testing & Automation:

Execute Dynamic Application Security Testing (DAST) on running applications, focusing on XSS, SQL Injection, Broken Access Control etc.
Use Interactive Application Security Testing (IAST) tools for runtime analysis, such as Burp Suite, OWASP ZAP, Frida.
Conduct Static Application Security Testing (SAST) and Software Composition Analysis (SCA) on source code and binaries.
Conduct testing and vulnerability assessments across desktop, web and mobile applications.

Deployment & Monitoring:

Partner with DevOps to advise on secure configurations and hardening in production environments.
Support incident response and remediation of application-level vulnerabilities.

Threat Intelligence, Governance & Training:

Keep up to date with industry news, vulnerability announcements and guidelines.
Deliver secure coding training and promote a positive security posture.

Requirements

You:

Have hands-on experience with DAST, IAST and penetration testing tools (e.g., Burp Suite, OWASP ZAP, Frida).
Have experience with Static Application Security Testing (SAST).
Have a strong understanding of secure SDLC and DevSecOps principles.
Have a strong understanding of application security principles and common vulnerabilities (e.g., XSS, SQL Injection, Broken Access Control).
Have proficiency in secure coding practices (Java, Python, C++ or similar).
Have practical experience using software composition analysis (SCA) tools such as Blackduck, Mend/Whitesource, Snyk or similar.
Have experience testing desktop applications.
Can easily explain complex security concepts to non-technical stakeholders and write clear security reports.
Work well with a wide range of stakeholders as part of a cross-functional team, including system administrators, developers, network engineers and information security compliance.
Are familiar with common operating systems: Windows, Linux, macOS, Android and iOS.

Anything else?

If you have experience of any of the following, we'd love to hear about it!

Exploit development activities, such as exploiting buffer overflows, crafting shellcode or analysing patches.
Knowledge and understanding of Cyber Security frameworks such as CIS Critical Controls v8 and NIST Cybersecurity Framework.
Regulatory compliance - knowledge of GDPR, ISO-27001 and SOC2.
Knowledge of encryption methods and best practices for protecting sensitive data.
Previous experience in a security-based role.
Details of any security-based qualifications.

Benefits

This role offers a great opportunity to join our Cyber Security Team, working for a successful, growing company with a recognised global brand and huge potential and vision. Working with us on our growth journey pr

About the Company

RealVNC is a leading provider of remote access solutions, helping some of the biggest companies in the world connect people through devices. As the company that pioneered the VNC internet protocol that is now the standard across the industry, RealVNC is at the forefront of its evolution, with software in over 1 billion devices worldwide. Today, RealVNC® is a multi-award winning SaaS business, with technology in over 90,000 enterprise organizations across all industries. RealVNC's secure remote access software, VNC Connect, i...