5151 - Lead Application Security Engineer

Ministry of Justice, Scotland-wide

Salary not available. View on company website.

  • Full time
  • Permanent
  • Remote working

Posted 5 days ago, 25 Apr

Closing date: not specified

Job Ref: e64504b06b294d708167f84b93401689

Full Job Description

We're recruiting for a Lead Application Security Engineer here at Justice Digital, to be part of our warm and collaborative Platforms and Architecture Cyber team.

This role aligns with the Senior Security Architect role in the Government Digital and Data Framework.

The cyber security of the digital services of the Ministry of Justice is vital both to ensuring trust in the justice system and to meeting our legal obligations to protect sensitive information. The potential for a successful cyber attack is a departmental risk, and the allocation of effective and skilled effort to help reduce the risk is part of the mitigation presented to MoJ.

Part of achieving this requirement is through the delivery of Application Security (AppSec). Working in partnership with the development teams, AppSec work improves and scales up security activities, helping teams design, build and automate security into their solutions, and finding new ways to reduce risk scores.

Providing this operational security improvement is a vital part of our collective work to mitigate existing security deficiencies in legacy and digital services, and to embed more effective security in our services for the future.

To help picture your life at MoJ Justice Digital, please take a look at our blog and our Digital and Technology strategy 2025.

Key Responsibilities:

You will be leading a small number of other AppSec Engineers, providing expert hands-on cyber security support to our development teams across the MoJ Justice Digital estate. You will be working to find better ways to defend and protect the development pipeline by building automation into processes and building in AWS and Azure native safeguards, where appropriate.

You will be working alongside cyber security consultants, and alerting them to areas of increased risk and new processes and techniques.

What you'll be doing:

  • Designing, developing and automating security tools and techniques to implement a secure software development lifecycle (SDLC), providing continuous assurance that systems are protected against common threats.
  • Implementing consistent DevSecOps best practices for the MoJ organisation.
  • Supporting and participating in workshops to raise awareness of security vulnerabilities and mitigations available to teams.
  • Helping to address product security requirements by deploying homegrown and open source tools.
  • Coordinating with developers and product management to ensure these tools are fit for purpose.
  • Driving improvements in teams that ultimately improve outcomes in Secure by Design.
  • Collaborating with internal and external DevOps teams to advocate software security practices, and with Cloud Security and Security Architects in maintaining and extending Cloud Security patterns and use cases.
  • Communicating security findings to stakeholders in a clear and actionable fashion, focusing on real-world impact and with pragmatic options for resolution.
  • Maintaining good practice around code repos (like GitHub), identifying and remediating weaknesses in open source libraries.
  • Working closely with platform teams to build centralised security reporting dashboards that provide security assurance across our applications.
  • Supporting threat modelling and security design reviews with engineering teams, providing subject matter expertise in resolving complex security problems.
  • Critiquing mitigations suggested by development teams on security issues.
  • Building the profile of the cyber security team through positive stakeholder interactions.
  • Utilising AppSec testing to build security confidence in products and services.

If this feels like an exciting challenge, something you are enthusiastic about, and you want to join our team, please read on and apply!

  • 37 hours per week and flexible working options including working from home, working part-time, job sharing, or working compressed hours.
  • A £1k per person learning budget is in place to support all our people, with access to best-in-class conferences and seminars, accreditation with professional bodies, fully funded vocational programmes and e-learning platforms.
  • Staff have 10% time to dedicate to develop and grow.
  • Generous civil service pension based on a defined benefit scheme, with employer contributions of 28.97% from April 1st 2024 (Contribution Rates).
  • 25 days leave (plus bank holidays) and 1 privilege day usually taken around the King's birthday. 5 additional days of leave once you have reached 5 years of service.
  • Compassionate maternity, adoption, and shared parental leave policies, with up to 26 weeks leave at full pay, 13 weeks with partial pay, and 13 weeks further leave. And maternity support/paternity leave at full pay for 2 weeks, too!
  • Wellbeing support including access to the Calm app.
  • Bike loans up to £2500 and secure bike parking (subject to availability and location).
  • Season ticket loans, childcare vouchers and eye-care vouchers.
  • 5 days volunteering paid leave.
  • Free membership to BCS, the Chartered Institute for IT.
  • Some offices may have a subsidised onsite gym.

Direct job link

https://www.s1jobs.com/job/5151-lead-application-security-engineer-124977203