Job Description

As a Security Tooling Engineer, you will join a multidisciplinary team, working together with other Security Engineers, Product Managers and other Security teams, as well as with our broader Engineering community, to design, build and deploy scalable and considered solutions in our security tooling space. You will gain deep knowledge on automated security tools and support the delivery and maintenance of these tools to empower engineers to build high quality, secure applications with minimal disruption to their delivery. Your impact will be felt within Cyber Security and wider by our tech communities, engineers and operations teams.

Responsibilities

• Drive security efforts across ASOS Engineering (SecDevOps, Secure SDLC) through building scalable security tool integrations into the developer’s workflow.
• Provide documentation, training, guidance and support to teams using our tools.
• Develop tools, services and scripts to support with internal Security projects.
• Support with security risk decisions and influence technical architecture.
• Support with Application Security Assessments (incl. Threat Modelling, Attack Surface Analysis, Application Security Architecture Reviews and Security Code Reviews) where required.
• Support with security training around Security Best Practices.
• Understand and support teams with adherence to regulations (e.g. GDPR, PCI-DSI)
• Defining and explaining security non-functional requirements for development teams.
• Ability to articulate mitigation and development techniques around emerging threats to technical and non-technical stakeholders
• Work with other Security Engineers on collaborative projects and deliverables that support other Security & Fraud functions and business needs.
• Stay updated on emerging security threats, industry trends, and evolving technologies.

Qualifications

About you: 

• Strong experience with scripting and automation within a CI/CD DevOps context
• A solid understanding of fundamental security scanning practises such as SAST, CA, IAC Scanning, Credential Scanning, DAST
• Experience with implementing Application Security Tooling
• Experience building applications, scripts, pipelines or automation using modern technologies and languages such as PowerShell, YAML, Python, C#, Java, Docker, Kubernetes
• A good understanding of object-oriented software languages (e.g. C#, Java, Python)
• REST/Graph API experience
• Strong communication skills
• Experienced in agile software delivery and Software Development Lifecycle/Secure SDLC
• Experience with/understanding of DevOps/DevSecOps, Security best practices and driving cultural change.

Additional Information

BeneFITS’ 

• Employee discount (hello ASOS discount!) 
• ASOS Develops (personal development opportunities across the business) 
• Employee sample sales  
• Access to a huge range of LinkedIn learning materials 
• 25 days paid annual leave + an extra celebration day for a special moment 
• Discretionary bonus scheme  
• Private medical care scheme 
• Flexible benefits allowance - which you can choose to take as extra cash, or use towards other benefits 

Why take our word for it? Search #InsideASOS on our socials to see what life at ASOS is like. 

Want to find out how we’re tech powered? Check out the ASOS Tech Podcast herehttps://open.spotify.com/show/6rT4V6N9C7pAXcX60kzzxo. Prefer reading? Check out our ASOS Tech Blog herehttps://medium.com/asos-techblog.