Lead Software Engineer – App Security
Does tackling challenging and rewarding application security projects pique your interest? As the Lead Software Engineer (Application Security), you will be at the forefront of the department’s efforts to secure critical applications and contribute to the department’s security posture. You will lead a team that blends technical expertise, creativity, and innovation, and work on high-profile projects addressing complex security challenges to shape application security across the department. If you are looking for a role that combines leadership, technical problem-solving, and the freedom to innovate, this is your opportunity to stand out and drive meaningful change.
The Lead Software Engineer (Application Security) will play a key role within a security-uplift-focussed Tiger Team, driving efforts to uplift the security posture of departmental applications. This role focuses on leading technical and project management activities to address application-level vulnerabilities, modernise legacy systems, and implement secure solutions. The role will coordinate across teams to ensure successful security outcomes while enabling the department to meet its cybersecurity goals.
Duties and Responsibilities:
Technical Leadership:
- Provide guidance and leadership to the Tiger Team, taking responsibility for project objectives.
- Act as the primary technical advisor for application security uplift initiatives, ensuring alignment with departmental priorities.
- Lead efforts to assess and modernise application environments, focusing on secure coding practices.
Project Coordination:
- Manage the lifecycle of application security uplift projects, including planning, execution, and reporting on progress.
- Collaborate with stakeholders, including cybersecurity, development, and application delivery teams, to prioritise and address vulnerabilities.
- Track project timelines, milestones, and deliverables to ensure the timely resolution of critical security issues.
Application Security Risk Remediation, Risk Mitigation, and Compliance:
- Oversee the implementation of secure coding practices to remediate vulnerabilities identified in penetration tests, code reviews, and scans.
- Guide development teams in applying security measures that align with modern standards (e.g., OWASP).
- Ensure proper validation and testing of remediated applications to maintain functionality and security.
- Collaborate with cybersecurity specialists to identify, assess, and mitigate application-level risks.
- Lead the development of secure configurations and ensure compliance with organisational security standards.
Stakeholder Communication:
- Serve as the primary point of contact for application security uplift efforts, providing regular updates to stakeholders, including the DSD CISO.
- Translate complex technical information into actionable insights for both technical and non-technical audiences.
Key Benefits:
- Opportunity to lead high-impact initiatives to improve the security of critical applications.
- Work at the forefront of cybersecurity and software development, influencing the department’s security strategy.
- Collaborate with a dynamic, cross-functional team focused on delivering innovative solutions.
Criteria
The buyer has specified that each candidate must provide a response to each criterion. Each response is limited to 3000 characters.
Essential criteria
- Leadership and Project Management:
  - Proven experience in a technical leadership or team lead role, managing application security or software development projects.
  - Strong project management skills, including the ability to coordinate cross-functional teams and manage competing priorities.
- Application Security Expertise:
  - In-depth knowledge of secure software development practices, vulnerability remediation, and modern application security standards (e.g., OWASP).
  - Hands-on experience in application development, particularly in secure coding practices using languages such as Java, .NET, or Python.
- Collaboration and Communication:
  - Exceptional ability to collaborate across teams and communicate complex technical concepts to diverse audiences.
  - Experience working in environments where application-level security is a priority, such as education, government, or regulated industries.
- Technical Problem-Solving:
  - Ability to troubleshoot and resolve complex technical issues in diverse application environments.
Desirable criteria
- Certifications such as CISSP, CSSLP, or PMP (Project Management Professional).
- Experience with legacy application modernisation, particularly in software and database security.
- Familiarity with SDLC processes, CI/CD pipelines, and application testing frameworks.
- Knowledge of compliance frameworks relevant to application security in government or regulated sectors.