Senior Application Security Architect

Senior Application Security Architect

Hiring Manager: Tom Knight 

Closing Date: 7th February 2025

Home based (UK)

The Opportunity

The role of the Application (Software) Security Architect is a senior, hands-on, engineering focused position, responsible for helping to establish and permeate a Secure SDLC and ‘Secure by design’ approach and practice throughout all our Architecture and Software engineering teams.

The role will involve:

• Developing, implementing, and maintaining application security architecture across the organization
• Ensuring our systems are designed with objectives like speed, scalability, robustness, zero-trust, automation and supportability at the core
• Collaborate with the Architecture and engineering team to ensure security is an integral part of all development and deployment processes
• Providing expert software security advice (design, coding, testing, etc) to the Software Engineering community, to InfoSec, DevOps and other colleagues
• Defining and delivering secure software development of information to the software engineering teams
• Escalating issues appropriately, to various teams and levels of authority inside the organisation.
• Interfacing with our customers to ensure that security obligations are managed and met appropriately

About You

To be successful in the role of Application Security Architect, you should have a strong grasp and practical experience with the Software Development Life Cycle (SDLC), including roles such as Developer or Senior Tester. Familiarity with multiple programming languages, such as C++/C/C#, .NET core, Java, JavaScript, Node.js, Angular, and React, will be beneficial.

You will also have/be:

• Experience in creating application security strategies, standards, best practices, and providing direct input to project teams and business stakeholders is essential.
• Good experience working with security issues in software architecture, software development, e.g static and/or dynamic code analysis and tools, software dependency check, OWASP Top10 testing, application threat modelling etc.
• Good experience working in an Agile software development environment, with classic applications as well as microservices, using modern code processing and continuous integration and delivery tools (e.g. GitHub, Jenkins, Bamboo etc.)
• Good expertise in taking security policy statements and translating them into actual, implementable, security controls and techniques that can make our software applications demonstrably more secure and robust
• Good understanding of common information security management standards, frameworks, and laws / regulations: E.g. ISO 27001, NIST, GDPR etc.
• Experience of open-source security tools and how they could be uses in an enterprise
• Experience of securing Azure cloud workloads and environments.