LGIM is the investment management arm of Legal & General Group, a FTSE 100 company. We are one of Europe's largest asset managers and a major global investor, with assets under management of £983.3bn* (as at 31 December 2017). Our success has been built by focusing on clients and providing them with services and solutions that meet their needs. We offer strategies across the full spectrum of asset classes, including equities, bonds, property, alternatives and cash, as well as multi-asset strategies tailored to the needs of institutional and retail investors.
LGIM is one of the world's leading providers of index fund management. We are at the forefront of developments in liability-driven risk management solutions for defined benefit pension schemes, a leading provider of defined contribution solutions and also offer a wide range of strategies to help our clients manage their investment objectives. LGIM continues to innovate as markets evolve, building strong relationships with clients including pension schemes, sovereign wealth funds, wealth managers and other professional investors.
We understand that our scale brings responsibilities. We play an active role in the companies we invest in, from exercising shareholder voting rights to directly engaging with companies at a board level. By engaging with businesses, we aim to unlock value for investors and shape the future and sustainability of financial markets.
In addition to having a leading position in the UK, we have selectively expanded into new markets across Europe, the Middle East, Asia and the US. We believe that translating our capabilities to reflect the needs of our international clients will mean we are well placed to help them achieve their objectives.
*LGIM internal data as at 31 December 2017, including derivative positions and advisory assets. These figures include assets managed by LGIMA, an SEC Registered Investment Advisor.
LGIM manages fixed income, equity, multi-asset, liability-driven investment, property and alternative solutions on behalf of its clients. Located across the globe, our clients include institutional pension funds, financial institutions, local authorities and sovereign wealth funds. In order to meet the complex and evolving investment needs of our clients, we focus on remaining at the forefront of investment product innovation and maintaining our reputation as experts across all asset classes.
We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation, gender identity or age.
The primary responsibility of the Application Security Analyst is to ensure secure development of applications and drive compliance to secure SDLC principles during development, testing and on-going maintenance of applications developed by LGIM and its third parties.
Support the CISO Office in the development of application security policies and standards, to help ensure that control requirements are aligned with industry good practice and regulatory expectations.
Collaborate with application owners and other LGIM stakeholders to develop, review and maintain an up-to-date inventory of applications used across Legal & General.
Work with LGIM Information Security Officers, developers, coders and testers to identify application security requirements and promote secure application development from the onset of a project, to help ensure 'Security by Design' is embedded.
Review test scripts and user stories provided by application developers and ensure these adhere to secure coding guidelines, and secure SDLC principles for Legal & General.
Work with third party security providers to coordinate automated and/or manual security code reviews and security code testing as part of the application development lifecycle for all qualifying applications across Legal & General.
Perform threat modelling for high risk applications to ensure security requirements meet the continually evolving threat and business landscape, and collaborate with application teams for appropriate remediation actions.
Schedule and execute application penetration tests for all qualifying applications across LGIM, using a risk-based approach for prioritisation.
Ensure alignment to L&G's Customer Experience and Treating Customers Fairly (TCF) policy.
Bachelor's degree or equivalent experience in computer science, IT engineering, or related field
An MSc in Information Security or equivalent would be an advantage
Information Security and/or Information Technology industry certification (CISSP, CISM or equivalent) strongly preferred
Member of IISP or have the qualification, skills and experience to become a member
Technical certifications and other software security certifications such as GIAC Certified Web Application Defender, GIAC Web Application Penetration Tester or CSSLP are preferred but not mandatory
Proven working knowledge of Building Security In Maturity Model (BSIMM)
Proven working knowledge of ISO/IEC 27034:2011 (Information technology, Security techniques, Application security) or OWASP SAMM standards
Proven working knowledge of the Open Web Application Security Project (OWASP) and the Software Assurance Maturity Model (SAMM)
Working knowledge of the Java or .NET programming languages
Strong understanding of application security vulnerabilities and testing techniques
Advanced understanding of secure SDLC processes and ability to implement secure SDLC in developing and designing effective solutions
In-depth understanding of enterprise and web application development platforms
Strong understanding of secure coding practices based on industry leading practices such as OWASP and SANS
Proficient in reporting to leadership on programme effectiveness
Organised with a proven ability to prioritise workload, meet deadlines, and utilise time effectively
Prior work experience in information security is essential
Prior work experience in secure application development and/or application security testing is required
Experience of web application and agile development methodologies
Whatever your role, we reward ability, performance and attitude with a package that looks after all the things that are important to you. Our employees have a wide range of benefits including a generous pension scheme, life assurance, at least 25 days' holiday (with potential to rise to 26 days), private medical insurance, performance related bonuses, a variety of share schemes, and discounts both at a huge range of high street stores and on our own great products. Your hard work will be rewarded when you join us.
Be unique. Be authentic. However you prefer to say it, we really mean it. Our culture embraces people’s diverse perspectives and creates a positive environment where everyone belongs. We’re determined to build a better, more connected world for everyone.