Hybrid: 3 days onsite per week in London
6 months+
In short:
We require a strong, application-focused Security Architect with a solid background in development, or at least the ability to assure a product’s architecture and hold low-level, detailed conversations with the engineers on the product, whilst also facing off to more senior stakeholders in the business.
In full:
You will be responsible for augmenting the Security Architecture team with specialist skills and helping to scale our security presence across the wider technology and infrastructure teams.
- Provide engineering and product teams with direction and guidance for all security matters.
- Help product teams deliver new business features securely while balancing and clearly articulating technical and business risk.
- You will be expected to drive the deployment/integration of security capabilities into engineering teams within the product domain.
- You will drive security initiatives such as developing security requirements, threat modelling, strengthening application security, vulnerability reduction, etc., with the engineering teams.
- Reducing friction is paramount and we are all about fast feedback within existing workflows, not adding another console for a developer to check.
- Support teams in a collaborative manner in matters of mobile application, web application, cloud and data security, with threat modelling, risk treatment and security advice across all security domains. If you can raise a PR to fix a security issue, do so.
- Facilitate risk remediation but also challenge decisions and the status quo.
- Facilitate assurance activities such as penetration testing, purple testing and app assurance.
- Build quarterly/monthly roadmaps for security activities and plan them.
You will need
To excel in this position, we expect you to have the following:
- Solid security experience across common security domains – the technology might have changed but most of the security challenges have not.
- A thorough understanding of modern application development practices so that security capabilities can be introduced and embedded while minimising developer friction.
- Excellent interpersonal, facilitation, and leadership skills along with effective communication (both written and verbal) skills.
- Be able to provide security guidance to engineering teams throughout the product development lifecycle.
- Be able to develop threat models and attack trees, and embed security by design in product engineering efforts.
- Good understanding of web technologies, REST APIs, microservices, modern application development, and mobile apps. Good understanding of software architecture, DevSecOps, and network security.
- Good understanding of industry standards such as OWASP ASVS, OWASP Top-10, CIS benchmarks.
- Hands-on experience with complex Azure and AWS architectures with an emphasis on containerised workloads.
- Command-line/API experience is highly desirable as security automation is a strategic priority.
- Knowledge of and experience with PCI-DSS is desirable.
- Multiple examples of completed projects in security engineering or closely related areas.
- Azure or AWS cloud security certifications (preferred).
Candidates will ideally show evidence of the above in their CV in order to be considered.
We are an equal opportunities employer.