The Cyber Security Team provides the security services that underpin Conde Nast’s
security posture and enhance the organization's security profile. The Cyber Security Team is
responsible for: Information Security and Cyber Risk management, Security Operations and
the global SOC, Security Architecture and Application Security as well as Security
Engineering. This role sits within the Cyber Security team reporting into the Lead of the
Security Architecture and Engineering function and provides the team with application
security expertise that will allow the team to fully engage with and embed into the various
Development and Engineering teams within Conde Nast. The successful candidate will own
and manage Cyber Security relationships with key stakeholders such as Platform,
Development and Engineering teams.
The applicant will come from a development background and will have held similar
application security engineering roles and have demonstrable expertise in application
security, SDLC and relevant CI/CD methodologies. The applicant will use this expertise to
identify security gaps in our current DevOps processes and propose remedies that will
enable us to leverage existing and new tools, processes and other technologies, to provide a
dedicated DevSecOps integrated approach to the lifecycle.
The applicant should have an understanding of application threat modeling methodologies
and will have experience of performing threat modeling, having previously used various
tools to do so. The applicant should look to actively promote adoption and use of
such methodologies and ensure security requirements are understood and embedded into
the development lifecycle.
● Work collaboratively with Product & Platform Architecture, and Engineering teams to
identify vulnerabilities at the design stage.
● Support with detailing remediation steps for vulnerabilities and weaknesses found
● Perform application security design reviews, threat modeling and support with risk
● Provide expertise in the areas of security and privacy throughout the development
● Contribute to the selection and implementation of security tooling to be used within
the CI/CD pipeline.
● Drive security improvements within the products and applications Conde Nast
● Identify gaps in our application security controls and design and implement software
and processes to resolve the gaps and improve security.
● Support with Code Reviews/Analysis - We use various languages, but Java,
JavaScript and Node.js experience is essential
● Liaise with the Platform Engineering, Development and Product Architecture teams
● Support with penetration testing against key applications/services
● Creation of reports that include KRIs
This is a new role and is central to the changes we are making in the way we develop and
provide our numerous applications and services.
To be successful, the candidate will need to have and demonstrate the following knowledge,
skills and experience, along with a proactive focused attitude:
● Minimum 7 years' experience in Application Security and Engineering
● Minimum 7 years' experience in Secure Development Lifecycle
● Thorough knowledge of CI/CD and DevOps principles
● Awareness of application security flaws and web application best practices (e.g.
OWASP Top 10, CWE SANS Top 25)
● Understanding of STRIDE, or other Threat modeling or applicable methodologies
● Experience of working in a geographically dispersed organisation with varied
● Experience of implementing security within a DevOps environment
● Knowledge of cloud and containers essential (Kubernetes, AWS, Docker, AWS EKS)
● Experience of having worked with GitHub, CircleCI and Quay.io is beneficial
● Experience of using Static and Dynamic Code Analysis tools
● Awareness and experience of the Data Protection Act, NIST and PCI-DSS
● Experience of performing container vulnerability scanning
● Experience of programming/development technologies (this will be tested at
● Good communication and presentation skills
● Good written language skills
● Knowledge of development methodologies e.g. Agile
● BS Computer Science or similar qualification
● Application Security certifications (CASE, CSSLP or similar)