Salary: £65,000 + bonus
Reports to: Application Security Manager
Department: Technology - Engineering/Security
Location: London, Hammersmith
Either contact Douglas Gambling on 020 8834 6789 or send your details to email@example.com
Home to the world's biggest online betting community, Betfair is striving to become the pre-eminent betting platform for the internet. After launching the world's first successful online betting exchange in June 2000, Betfair has grown into a multi-billion dollar business with an established portfolio of online gaming products comprising sports, poker, casino and games. The company now has in excess of two million registered customers with over 50 per cent of all new registrations coming from outside the UK and Ireland.
Across all its products, Betfair processes more than six million transactions on an average day - more than all the European stock exchanges combined. It is a two-time winner of the Queen's Award for Enterprise - the only betting company in the world ever to achieve this level of recognition.
Betfair employs over 1,500 people globally. Its headquarters are in Hammersmith in West London, while its international business is hosted in Malta. It also has large operational bases in Stevenage and Australia, with a software development office in Romania.
There is an open position in the application security team for an enthusiastic and highly skilled Application Security Analyst who has a background in security and / or development. Candidates should be comfortable studying complex systems, able to identify application risks and threats, and be willing to recommend appropriate countermeasures.
The role involves interacting with development teams to ensure that production web applications are implemented with security in mind. Typical engagements involve conducting architectural / design reviews, code reviews, penetration tests, tracking new requirements and recommending improvements. The application security team is responsible for the security of all Betfair applications developed internally or externally.
Key Responsibilities / Duties:
- Understand the architecture of production systems including identifying the security controls in place and how they are used
- Ability to review code of J2EE enterprise applications (J2EE/.Net/oracle/SQL) by tracing the execution flow through an application and identifying possible security vulnerabilities or areas of weakness
- Understand database weaknesses and security best practices
- Ability to evaluate functional and technical specifications early within the software development life cycle and identify possible threats or areas of weakness based on the documentation
- Write tools to automate certain security tasks
- Keep understanding of vulnerabilities current
- Understand and provide consultation on using Fortify Source Code Analysis tool to enhance the code review process, integrate with application build scripts, write custom rules and train developers to use.
Key Working Relationships:
- Liaise with development managers and quality assurance teams in the planning of projects to ensure security input is given and that security reviews are included in project schedule
- Ability to work in on multiple concurrent projects with multiple development teams, internal and external.
Person Specification Experience & Qualifications Required:
- Security experience from previous projects throughout the project lifecycle.
- Security development experience in J2EE
- Security related qualifications (e.g. CISSP, GSSP, CEH etc)
- Knowledge of various security tools EG Fortify, layer 7 firewalls, vulnerability scanners
- Experience administering or securing Oracle databases.
Key Skills and Attributes
- Strong understanding of J2EE Application threats
- Knowledge of software development security principles and best design practices
- Strong analytical and diagnostic skills
- Expert knowledge of J2EE, JSP, Struts, .Net, Java Patterns, Spring, HTTP & SQL
- Strong understanding of three tier web applications.
- 25 days holiday (Varies according to location)
- Cash bonus scheme
- Comprehensive medical insurance
- Travel season ticket loan (UK only)
- Learning and Development opportunities
- Employee referral scheme.