IT Consultant, Application Security (GSK IT)

Basic qualifications:

  • Broad Information Security knowledge, covering the security domains within the scope of ISO 27001
  • Education to degree level in IT related discipline, or equivalent experience.
  • 5 years of experience in Information Security, Threat and Vulnerability Management, or Risk Management
  • CISSP, SANS GIAC Certifications (e.g., GMOB, GPEN, GWAPT, GSNA), and/or CEH
  • Background in more than one of the following: vulnerability management, incident response, security assessments, web / mobile application coding, secure code review, application security concepts (input validation, HTML encoding, parameterized queries), application penetration testing, manual ethical hacking
  • Understands information security risks, preventive measures, incident management, and threat management at a high level.
  • Familiarity with intercept proxy tools such as Paros, WebScarab and Burp
  • Familiarity with Open Web Application Security Project (OWASP) Top Ten (for web and mobile), Web Application Security Consortium (WASC) Threat Classification, and CWE/SANS Top 25 Most Dangerous Programming Errors
  • Familiarity with web and mobile application testing tools such as WebInspect, AppScan, Acunetix, Rapid7, Qualys, SamuraiWTF
  • Experience detecting security issues such as Cross Site Scripting, SQL Injection, Parameter Manipulation, Forceful Browsing, Privilege Escalation, etc.
  • Familiarity with XML, SOAP, and Ajax.
  • Understanding of Lean Sigma principles and ITIL.

Preferred qualifications:

not required


Key Responsibilities:

  • Perform automated vulnerability scanning of web and mobile applications. Review scan output, identify and eliminate false positives using manual testing techniques. Prioritize response to vulnerabilities to ensure GSK's web and mobile applications and data are protected.
  • Advise and negotiate with global customers and third party developers to explain complicated application security issues and potential business impacts to developers, project leads, and business customers and recommend suitable mitigation approaches.
  • Influence third party testing vendor to address service issues and implement improvement opportunities.
  • Manage relationships and communications with central services, business unit and local IT staff.
  • Analyze discovered vulnerabilities within the web and mobile applications and, based on data sensitivity and application criticality, assign risk score and work with application owner to drive remediation.
  • Actively contribute to information security projects.
  • Assist with architecture, proposal, standards and project reviews under supervision of senior staff.
  • Deliver training and awareness in conjunction with senior staff.
  • Maintain excellent customer engagement and relationships, listening to voice of the customer and fostering a customer-centric environment where process and service improvement is in-built
  • Assist in design of processes, procedures and services to support the work of the AHDS group
  • Monitor service metrics, identify gaps and propose improvements
  • Manage relationships and communication with third party security testing partners
  • Assist with developing and reviewing new security architectures, strategies, standards and proposals
  • Demonstrate solid domain competency in the field of information security, including information security principles, technology and tactics
  • Provide recommendations to AHDS LT and the InfoProtect project on further improvements in the application security space, based on ongoing review of internal processes and services

Why GSK?

GSK is deeply committed to professional and personal development offering employment opportunities across a diverse collection of businesses and geographies. So you'll flourish in an inspiring environment where personal growth plays a vital part in the changing face of the business. Most of all, you'll enjoy the sense of purpose that comes from leading change in an industry that touches millions every day.

You are invited to submit your CV with the motivational letter in English using the "Apply now" button.

Thank you very much for your interest in development opportunities with GlaxoSmithKline.

Contact information:

You may apply for this position online by selecting the Apply now button.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.
