Barclays UK Application Security
Pune, India
Pune, Maharashtra
Date live: Oct. 11, 2022
Business Area: COO & Functions
Area of Expertise: Operations
Reference Code: 90271204
Contract: Permanent/Regular
Job Title: AVP BK UK Application Security Testing
Barclays are looking for a motivated, technically minded individual to join our BUK application security testing team. This includes the following scope:
- Application Security Testing – supporting secure development of code in BUK through static code analysis, binary analysis, web application vulnerability assessments, mobile code hardening
- Thematic assessment – assessing any thematic issues across BUK applications that result from testing findings, and ensuring that application development teams are fully engaged on how to address these in an enduring manner
- Education and Awareness – supports the education and awareness of the development community across BUK to build a high level of understanding of how to ensure Barclays applications are secure by design.
- Demonstrate accountability for the delivery of security testing services within BUK
- Ensure services are delivered to BUK in a joined-up and cohesive fashion.
- Drive and lead security assessments to help ensure that the organisation's assets and IT systems are appropriately protected against unauthorised activities.
- Grow and develop talent within the team, providing not just managerial leadership, but inspiring the technical staff who are key to the success of this service offering.
- Ensure close collaboration within the teams and with other areas of Security Assurance and Barclays.
- Manage key relationships with stakeholders, including negotiation of scope and intensity of testing of development and production systems.
- Evangelise new and existing service offerings across the group to ensure a high level of uptake.
- Design, develop and deliver relevant MI reports related to team utilisation, high risk vulnerabilities & common issues
- Analyse repeated issues found in a cross section of engagements and use this information to develop highly bespoke, relevant action plans to remediate the core issues.
Security Testing Services
- Ensure that all existing commitments and new requirements for application security services (for both project and production) are met
- Determine forward planning for application security services based on BUK TC plans
- Maintain oversight of all application vulnerabilities as a result of application and penetration testing
- Ensure that vulnerabilities are remediated within an acceptable time frame and that KRI and KCI are kept within tolerance
- Ensure any areas of high risk are addressed or highlighted to senior management
- Undertake assessment of thematic issues across BUK applications resulting from findings of application and penetration testing
- Determine action plans to address any such finding and ensure that these are delivered
- Prepare regular reports on status of application security and penetration testing and associated vulnerabilities for reporting to management
- Support efficient reporting of vulnerabilities to TC application leads to ensure that they have the right information at the right time to drive effective remediation of issues
Education and Secure Coding
- Support the implementation of training and education programs on application security
- Undertake education and awareness activity with TC development team to ensure robust understanding of managing application security risks
- Collaborate and build communities of engagement on application security
- Mentor and support team members in their goals and their continued professional development.
- Provide regular assessment progress updates that include sufficient detail to convey work completed and upcoming activities
- Maintain and increase areas of technical competence in self and team to enhance depth and breadth of assessment abilities through advanced training
- Establish and maintain relationships with key vendors.
- Closely monitor vendor deliverables to ensure that a high standard is maintained at all times.
- Build an effective network of relationships with BUK application teams
- Build effective relationships within the Global CISO application security team and drive strong collaboration across different BUs and the central CISO app security team
Supporting security incidents/investigation as required
Critical Requirements
- Has ability to articulate technical concepts and security risk to non-technical business owners and management
- Takes a detailed approach to demonstrating that effective control structures are or are not in place.
- Consistently outputs superior quality deliverables
- Consistently supports business and technical areas in identifying high-quality resolutions to control concerns
- Possesses an entrepreneurial attitude to excel in loosely defined scenarios
- Works independently or leads a team of any size of control testers on critical infrastructure and/or applications
- Has superior time management and organizational skills
- Maintains a wide breadth of technical testing and leadership management skills
- Is a subject matter expert in more than 1 testing domain
- Understands and can articulate the business context/significance of technical test findings
- Understanding of security strategies and technologies including secure network design, e-Channels, remote computing, desktop and server hardening, secure web services, Compliance Auditing, Secure Software Development Lifecycles, Software Audit
- Has strong knowledge of information security frameworks and standards such as ISO17799/27001 and their application into diverse environments
- Demonstrates ability to solve complex technical problems
- Understands core development methodologies and their associated technologies
- Has detailed knowledge of the purpose of - and approaches to - security testing.
- Is able to balance business impact, cost and risk against technical criticality
- Is able to contribute to formulation of policies and best practices for security management
- Can consult on policy guidance, interpretation and enforcement mechanisms
- Is knowledgeable about application control techniques
- Can describe key IT security functions, major roles, responsibilities and their inter-dependencies
- Understands security operations from a people, process and technology perspective
- Understands the role and importance of robust governance models
- Understands routine IT security monitoring and administration tools
- Understands performance measurements for IT security
- Understands major internal support functions and services
- Monitors marketplace trends and experiences on security, audit and control issues
- Has good awareness and understanding of the Barclays business unit responsibilities and structure
- Is able to identify specific information security technical build guides and best practice deficiencies within the global organization and develop and drive cross-functional correction strategies
At Barclays, each day is about being more – as a professional, and as a person. ‘Be More @ Barclays’ represents our core promise to all current and future employees. It’s the characteristic that we want to be associated with as an employer, and at the heart of every employee experience. We empower our colleagues to Be More Globally Connected, working on international projects that improve the way millions of customers handle their finances. Be More Inspired by working alongside the most talented people in the industry, and delivering imaginative new solutions that are redefining the future of finance. Be More Impactful by having the opportunity to work on cutting-edge projects, and Be More Valued for who you are.
Interested and want to know more about Barclays? Visit home.barclays/who-we-are/ for more details.
Everything we do is shaped by the five values of Respect, Integrity, Service, Excellence and Stewardship. Our values inform the foundations of our relationships with customers and clients, but they also shape how we measure and reward the performance of our colleagues. Simply put, success is not just about what you achieve, but about how you achieve it.
We aim to foster a culture where individuals of all backgrounds feel confident in bringing their whole selves to work, feel included and their talents are nurtured, empowering them to contribute fully to our vision and goals.
Our customers are unique. The same goes for our colleagues. That's why at Barclays we offer a range of benefits, allowing every colleague to choose the best options for their personal circumstances. These include a competitive salary and pension, health care and all the tools, technology and support to help you become the very best you can be. We are proud of our dynamic working options for colleagues. If you have a need for flexibility, then please discuss this with us.
More about working at Barclays
Our approach to hybrid working ensures there’s the right balance of working alongside colleagues at our onsite locations, as required for each role. For business areas that offer a hybrid working experience, this will be in a structured way, where colleagues work at an onsite location on fixed, ‘anchor’, days of the week. Some roles may require full onsite working. Please discuss the working pattern requirements for the role you are applying for with the hiring manager.
We continue to embed and review our hybrid working environment and remain in a phase of testing and learning. This means that working arrangements could change, with reasonable notice, to align with the needs of our business.
Barclays welcomes applications from all candidates and is committed to ensuring reasonable adjustments (accommodations) are put in place to allow for a fair and inclusive recruitment process. For more information and how to request one, please review Adjustments to the recruitment process.
We’re committed to providing an inclusive culture and environment, that recognises and supports ways to balance your personal needs, alongside the professional needs of our business. Providing the opportunity for all our employees globally to work flexibly empowers each of us to work in a way that suits our lives, as well as enabling us to better service our customers’ and clients’ needs.
Our approach to working flexibly is designed to support you to balance your life and to accommodate diverse needs, whilst still allowing us to meet our business needs. If you’d like to request a flexible working arrangement, please discuss this with your hiring manager.
We're committed to providing a supportive and simplified experience for our candidates throughout the application and assessment process. Here, you will find information about what to expect and some guidance around your assessment and interview.
While the application process depends on the role, there are some constant steps, which are:
Step 1 - Your application
Step 2 - Your assessment
Step 3 - Your interview
Step 4 - Next steps
We aim to create an inclusive work environment where everyone can reach their full potential. If you require any adjustments to our recruitment process, please click here to learn more.
Barclays offers a diverse, inclusive and engaged culture. A place where people can bring their whole selves to work and be respected for who they are, valued for what they do and celebrated for their contribution to our business and our community.
We are an equal opportunity employer and opposed to discrimination on any grounds. It is the policy of Barclays to ensure equal employment opportunity without discrimination or harassment on the basis of race, colour, creed, religion, national origin, alienage or citizenship status, age, sex, sexual orientation, gender identity or expression, marital or domestic/civil partnership status, disability, veteran status, genetic information, or any other basis protected by law.
Barclays is required by law to confirm that you have the Legal Right to Work in any role that you apply for. If you currently hold a work visa sponsored by Barclays, or you would require sponsorship from Barclays, you must declare this as part of your application. Sponsored visas are role and entity specific and any changes must be reviewed. It is important that you ensure you are working on the correct visa at all times. Failure to accurately disclose your visa status or Legal Right to Work may result in your application or any employment offer being withdrawn at any time.
The Barclays Way
This is the spirit of Barclays. It’s why we exist, what we believe and how we behave. But most importantly, it’s how we make decisions, take action and get things done.
Purpose
Working together for a better financial future.
Values
We believe great talent RISES. It acts with Respect, Integrity, Service, Excellence and Stewardship.
Mindset
We discover our full potential through our desire to Empower, Challenge and Drive each other.