1. Home
  2. Secure Software Development Assurance Analyst
Expires soon
Willis Towers Watson

Secure Software Development Assurance Analyst

  • Ipswich (Suffolk)
  • IT development
Apply Now

Job description

JOB DESCRIPTION

Summary of Role

This role will directly support the newly formed Application Security and Risk Team within Willis Towers Watson.

The Role

Responsibilities:
You will use your skills and experience to:

·  Deputise on behalf of the Secure Software Development Assurance Manager during their absence.
·  Schedule and co-ordinate the delivery of secure development training for development teams.
·  Conduct annual attestation exercises, ensuring developers agree to adhere to the Organizations secure development standards.
·  Provide administrative and 1st line support for static code analysis and web application scanning tools. This includes systems maintenance, user access and segregation and appliance deployments;
·  Conduct security tests using static code analysis and web application scanning tools, on behalf of development teams.
·  Conducting quality assurance reviews of security tests conducted by development teams.
·  Deploy web application scanning capabilities to the Organization’s internet facing web applications.
·  Provide training to development teams on the use of static code analysis and web application scanning tools.
·  Monitor and ensure development teams are using secure software development tools consistently across all applications.
·  Ensure vulnerabilities identified as a result of static code analysis and web application scanning are either remediated or managed via the WTW risk management framework.
·  Produce management information pertaining to the vulnerabilities identified using application security tools.

Requirements

Experience:

Technical

·  Practical knowledge of administering enterprise static code analysis tools
·  Practical knowledge of administering and configuring web application scanning tools
·  Experience of deploying application security toolsets to complex estates
·  Experience of providing training related to the use of application security toolsets
·  Experience of providing 1st line support to development teams using application security toolsets
·  Experience developing applications in common languages (e.g. .Net & Java)
·  Clear and concise understanding of current application security vulnerabilities and attacks.
·  Knowledge of common application security vulnerabilities such as those listed in the OWASP Top 10.
·  Practical knowledge of application security standards and compliance (e.g., OWASP, Sarbanes-Oxley act, HIPAA)
·  Ability to communicate technical concepts to nontechnical disciplines

Business

·  Experience of supervising individuals within a small team environment
·  Experience in engaging business functions (rather than purely IT)
·  Team player with good interpersonal and influencing skills.
·  Able to manage own workload.
·  Ability to work under pressure to tight timelines and without direct supervision. 
·  Excellent analytical problem solving skills.
·  Strong communication skills, both oral and written.

Qualifications:

·  Information security qualifications (e.g. CISSP, CISM, CISA) desirable
The Company 
Willis Towers Watson is a leading global advisory, broking and solutions company that helps clients around the world turn risk into a path for growth. With roots dating to 1828, Willis Towers Watson has 40,000 employees serving more than 140 countries. We design and deliver solutions that manage risk, optimize benefits, cultivate talent, and expand the power of capital to protect and strengthen institutions and individuals. Our unique perspective allows us to see the critical intersections between talent, assets and ideas – the dynamic formula that drives business performance. Together, we unlock potential. Learn more atwillistowerswatson.com .

Willis Towers Watson is an equal opportunity employer
Willis Towers Watson believes that effectively managing a diverse workforce is vital to our business strategy. We have an obligation to our organization, ourselves and our clients to hire and develop the best people we can find. We will continually review our policies and practices to ensure that all areas of the employment process (including recruiting, hiring, work assignments, compensation, benefits, promotions, transfers, company-sponsored development programs and overall workplace experience) are free from discriminatory practices. We are committed to equal employment opportunities at Willis Towers Watson.

Unsolicited Contact: Any unsolicited resumes/candidate profiles submitted through our web site or to personal e-mail accounts of employees of Willis Towers Watson are considered property of Willis Towers Watson and are not subject to payment of agency fees. In order to be an authorized Recruitment Agency/Search Firm for Willis Towers Watson, any such agency must have an existing formal written agreement signed by an authorized Willis Towers Watson recruiter and an active working relationship with the organization. Resumes must be submitted according to our candidate submission process, which includes being actively engaged on the particular search. Likewise, for our authorized Recruitment Agencies/Search Firms, if the candidate submission process is not followed, no agency fees will be paid by Willis Towers Watson. Willis Towers Watson is an equal opportunity employer.

Make every future a success.
  • Job directory
  • Business directory
    •