
Job description

    Company Info

    LGIM is the investment management arm of Legal & General Group, a FTSE 100 company. We are one of Europe's largest asset managers and a major global investor, with assets under management of £983.3bn* (as at 31 December 2017). Our success has been built by focusing on clients and providing them with services and solutions that meet their needs. We offer strategies across the full spectrum of asset classes, including equities, bonds, property, alternatives and cash, as well as multi-asset strategies tailored to the needs of institutional and retail investors.

    LGIM is one of the world's leading providers of index fund management. We are at the forefront of developments in liability-driven risk management solutions for defined benefit pension schemes, a leading provider of defined contribution solutions and also offer a wide range of strategies to help our clients manage their investment objectives. LGIM continues to innovate as markets evolve, building strong relationships with clients including pension schemes, sovereign wealth funds, wealth managers and other professional investors.

    We understand that our scale brings responsibilities. We play an active role in the companies we invest in, from exercising shareholder voting rights to directly engaging with companies at a board level. By engaging with businesses, we aim to unlock value for investors and shape the future and sustainability of financial markets.

    In addition to having a leading position in the UK, we have selectively expanded into new markets across Europe, the Middle East, Asia and the US. We believe that translating our capabilities to reflect the needs of our international clients will mean we are well placed to help them achieve their objectives.

    *LGIM internal data as at 31 December 2017, including derivative positions and advisory assets. These figures include assets managed by LGIMA, an SEC Registered Investment Advisor.

    Department Info

    LGIM manages fixed income, equity, multi-asset, liability-driven investment, property and alternative solutions on behalf of its clients. Located across the globe, our clients include institutional pension funds, financial institutions, local authorities and sovereign wealth funds. In order to meet the complex and evolving investment needs of our clients, we focus on remaining at the forefront of investment product innovation and maintaining our reputation as experts across all asset classes.

    We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation, gender identity or age.

    Job Duties

    The primary responsibility of the Application Security Analyst is to ensure secure development of applications and drive compliance to secure SDLC principles during development, testing and on-going maintenance of applications developed by LGIM and its third parties.
    • Support the CISO Office in the development of application security policies and standards, to help ensure that control requirements are aligned with industry good practice and regulatory expectations.
    • Collaborate with application owners and other LGIM stakeholders to develop, review and maintain an up-to-date inventory of applications used across Legal & General.
    • Work with LGIM Information Security Officers, developers, coders and testers to identify application security requirements and promote secure application development from the onset of a project, to help ensure 'Security by Design' is embedded.
    • Review test scripts and user stories provided by application developers and ensure these adhere to secure coding guidelines, and secure SDLC principles for Legal & General.
    • Work with third party security providers to coordinate automated and/or manual security code reviews and security code testing as part of the application development lifecycle for all qualifying applications across Legal & General.
    • Perform threat modelling for high risk applications to ensure security requirements meet the continually evolving threat and business landscape, and collaborate with application teams for appropriate remediation actions.
    • Schedule and execute application penetration tests for all qualifying applications across LGIM, using a risk-based approach for prioritisation.
    • Ensure alignment to L&G's Customer Experience and Treating Customers Fairly (TCF) policy.

    Skills Required


    • Bachelor's degree or equivalent experience in computer science, IT engineering, or related field
    • An MSc in Information Security or equivalent would be an advantage

    • Information Security and/or Information Technology industry certification (CISSP, CISM or equivalent) strongly preferred
    • Member of IISP or have the qualification, skills and experience to become a member
    • Technical certifications and other software security certifications such as GIAC Certified Web Application Defender, GIAC Web Application Penetration Tester or CSSLP are preferred but not mandatory

    Knowledge:
    • Proven working knowledge of Building Security In Maturity Model (BSIMM)
    • Proven working knowledge of ISO/IEC 27034:2011 (Information technology, Security techniques, Application security) or OWASP SAMM standards
    • Proven working knowledge of the Open Web Application Security Project (OWASP) and the Software Assurance Maturity Model (SAMM)
    • Working knowledge of the Java or .NET programming languages

    • Strong understanding of application security vulnerabilities and testing techniques
    • Advanced understanding of secure SDLC processes and ability to implement secure SDLC in developing and designing effective solutions
    • In-depth understanding of enterprise and web application development platforms
    • Strong understanding of secure coding practices based on industry leading practices such as OWASP and SANS
    • Proficient in reporting to leadership on programme effectiveness
    • Organised with a proven ability to prioritise workload, meet deadlines, and utilise time effectively

    • Prior work experience in information security is essential
    • Prior work experience in secure application development and/or application security testing is required
    • Experience of web application and agile development methodologies


    Whatever your role, we reward ability, performance and attitude with a package that looks after all the things that are important to you. Our employees have a wide range of benefits including a generous pension scheme, life assurance, at least 25 days' holiday (with potential to rise to 26 days), private medical insurance, performance related bonuses, a variety of share schemes, and discounts at both a huge range of high street stores and on our own great products. Your hard work will be rewarded when you join us.

Job Sector: IT & Telecoms
Job Position: Software Developer
London, UK

Learn more about Legal & General

Be unique. Be authentic. However you prefer to say it, we really mean it. Our culture embraces people’s diverse perspectives and creates a positive environment where everyone belongs. We’re determined to build a better, more connected world for everyone.
