Listing Description
Senior Application Security Architect
Hiring Manager: Tom Knight
Home based (UK)
The Opportunity
The role of the Application (Software) Security Specialist is a senior, hands-on, engineering-focused position, responsible for helping to establish and embed a Secure SDLC and 'Secure by design' approach and practice throughout all our Architecture and Software Engineering teams.
The role will involve:
- Developing, implementing, and maintaining application security architecture across the organization
- Ensuring our systems are designed with objectives like speed, scalability, robustness, zero-trust, automation and supportability at the core
- Collaborating with the Architecture and engineering team to ensure security is an integral part of all development and deployment processes
- Providing expert software security advice (design, coding, testing, etc.) to the Software Engineering community, to InfoSec, DevOps and other colleagues
- Defining and delivering secure software development of information to the software engineering teams
- Escalating issues appropriately to various teams and levels of authority inside the organisation
- Interfacing with our customers to ensure that security obligations are managed and met appropriately
About You
To be successful in the role of Application Security Architect you will have an advanced understanding of, and demonstrable practical experience with, the SDLC, e.g. as a Developer, Senior Tester. You will have extensive experience coding in more than one language from C++/C/C#, .NET Core, Java, JavaScript, Node.js, Angular, React, etc.
You will also have/be:
- Good experience working with security issues in software architecture and software development, e.g. static and/or dynamic code analysis and tools, software dependency checks, OWASP Top 10 testing, application threat modelling, etc.
- Good experience working in an Agile software development environment, with classic applications as well as microservices, using modern code processing and continuous integration and delivery tools (e.g. GitHub, Jenkins, Bamboo etc.)
- Good expertise in taking security policy statements and translating them into actual, implementable, security controls and techniques that can make our software applications demonstrably more secure and robust
- Good understanding of common information security management standards, frameworks, and laws / regulations, e.g. ISO 27001, NIST, GDPR, etc.
- Experience of open source security tools and how they could be used in an enterprise
- Experience of securing Azure cloud workloads and environments.