Sage
Application Security Specialist (m/w/d)
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Sage
Sage is a global software company founded in 1981 in Newcastle upon Tyne, UK. It specializes in accounting, payroll, human resources (HR), and business management software solutions for small to medium-sized enterprises (SMEs) and larger organizations. With over 11,000 employees, Sage supports millions of customers across more than 20 countries. The company offers a range of products, including accounting and financial management software like Sage 50 Accounts, payroll and HR solutions, and enterprise resource planning (ERP) systems such as Sage X3. Sage also provides cloud-based solutions, enabling customers to access their business data anytime and anywhere. Additionally, Sage delivers industry-specific software tailored for sectors like construction and real estate. The company has integrated artificial intelligence into its offerings and introduced products like Sage Earth for carbon accounting. Sage positions itself as a partner for business builders, providing software, expert advice, and support to help customers grow and manage their businesses effectively.
Security at Sage
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Sage's AppSec philosophy centers on 'Infusing confidence in customers and colleagues' and ensuring trust in their cybersecurity.
- They emphasize that 'Application Security Specialists are responsible for ensuring that our new product and system releases are secure,' indicating a focus on secure product delivery.
- Their risk philosophy involves adopting the 'National Institute of Standards and Technology (NIST) AI Risk Management Framework'.
- Key goals include 'addressing vulnerabilities quickly and effectively' and supporting team development through funding certifications like Azure, Splunk, AWS, and Python.
Security Team
Sage has 'Global Security teams' with 'Application Security Specialists' responsible for securing new product and system releases. The exact reporting line (e.g., to CISO or CTO) is not publicly available. Key public-facing leaders include Ben, EVP Chief Risk Officer; Mads, Manager, OCISO - Global Security; and Arron Harris, Chief Technology Officer. Specific AppSec leader bios or LinkedIn profiles were not found. The team size is not publicly available, though job postings for Global Security/cybersecurity roles exist, such as a 'Senior Cybersecurity Specialist – Incident Response' which requires application-security-related skills. Common skill patterns include funding for certifications like Azure, Splunk, AWS, and Python, and general 'Knowledge of application security'.
Key Initiatives
Sage's Global Security careers page references efforts to 'improve our security culture, behaviors, champions', but no explicit public evidence details a named Security Champions program structure. Information on 'Shift Left' practices, specific pre-commit, IDE, or CI/CD security actions is not publicly available. Their vulnerability management process includes 'addressing vulnerabilities quickly and effectively', but details on triage SLAs, MTTR, or ticketing systems are not publicly available. There are no explicit company-level Secure SDLC artifact statements (e.g., mandatory security reviews or threat modeling cadences) publicly available. Recent initiatives show continued emphasis on Trust & Security Hub updates and security-related blog guidance, but no discrete press releases or blog posts about new AppSec tool roll-outs or policy changes were found.