Overview Application Security Consultant
Chubb is the world's largest publicly traded property and casualty insurer. With operations in 54 countries, Chubb provides commercial and personal property and casualty insurance, personal accident and supplemental health insurance, reinsurance and life insurance to a diverse group of clients.
The company is distinguished by its extensive product and service offerings, broad distribution capabilities, exceptional financial strength, underwriting excellence, superior claims handling expertise and local operations globally.
The insurance companies of Chubb serve multinational corporations, mid-size and small businesses with property and casualty insurance and services; affluent and high net worth individuals with substantial assets to protect; individuals purchasing life, personal accident, supplemental health, homeowners, automobile and other specialty insurance coverage; companies and affinity groups providing or offering accident and health insurance programs and life insurance to their employees or members; and insurers managing exposures with reinsurance coverage.
With $150 billion in assets and $37 billion of gross written premiums in 2014* on a pro forma basis, Chubb's core operating insurance companies maintain financial strength ratings of AA from Standard & Poor's and A++ from A.M. Best.
Chubb's parent company is listed on the New York Stock Exchange (NYSE: CB) and is a component of the S&P 500 index.
Chubb maintains executive offices in Zurich, New York, London and other locations, and employs approximately 30,000 people worldwide.
The purpose of this role is to enhance Chubb's SDLC framework to provide advanced application security guidance and direction across the EMEA region, focusing on application assessments, remediation, reporting and development cycles across both waterfall and agile projects. The role will be expected to understand where automation is appropriate, understand DevSecOps models, and be able to assist with, implement and manage an application security framework. Primarily based in London, there is an expectation of weekly travel to Crawley. This role reports to the Head of Technical Security, EMEA, responsible for leading the regional technical security team.
Key Responsibilities:
- Primarily responsible for application security assessments as part of the software development lifecycle (SDLC), promoting self-service assessments where appropriate, and tracking through to remediation
- Develop, educate, promote, and monitor the use of secure software development practices
- Obtain and review all required artifacts as part of the application security framework
- Continue to drive security evaluation early in the cycles through iterative security testing
- Enhance existing secure coding standards that are based on internal policies, contractual obligations and industry-accepted best practices such as OWASP Guide, SANS CWE Top 25, or CERT Secure Coding, to address common coding vulnerabilities
- Provide regular status reports on the security of the software within the EMEA organization
- Identify areas where automated secure coding tools and processes, to review code as it is written, can be promoted through the development lifecycle and into production, applying oversight and governance where appropriate
- Provide advisory services to application development teams during development cycles
- Work with peers to implement and refine security checkpoints in the SDLC
- Assist with periodic security risk assessments, IT security audits, and management reporting
- Follow the application security scanning process, including analysis, communication and remediation verification
- Perform security activities, including but not limited to, security design reviews, threat modeling, and code auditing on internally and externally developed software
Knowledge & Experience:
- IT/Cyber Security degree or equivalent preferred
- Excellent knowledge of application security within the SDLC, with proven ability to apply knowledge to use cases
- Demonstrated ability to apply application security knowledge to a broad range of technologies and make sound recommendations to constituents
- Good communication skills, with the ability to explain technical issues to a mixed audience ranging from technical to business, project management to leadership
- Knowledge of project lifecycles, with working experience of Agile project methodology
- Good understanding of DevOps technologies and automation
- Broad understanding of IT and security technologies
- Experience interpreting and complying with security standards and guidelines (e.g., OWASP, SANS CWE Top 25, CERT Secure Coding etc.)
- Experience within the insurance industry or financial services preferred
- At least 5 years' IT experience, working in a technical discipline
- At least 5 years' working experience of security technologies
- At least 5 years' experience working in a senior technical role, with exposure to senior management, and proven stakeholder management skills
London - Leadenhall
Job Function: Information Technology
Employment Type: