Application Security Architect – £90k + Benefits
An exciting opportunity has arisen for an Application Security Architect to join one of the biggest data supply companies in the UK. You will work across a wide portfolio of applications, both legacy and new, covering a variety of development stacks, software, services, APIs and systems.
• Design secure software development and delivery systems with objectives like speed, scalability, robustness, zero-trust, automation and supportability at the core.
• Ensure that the application estate is built, deployed/delivered and operated securely, according to industry standards.
• Provide expert software security advice (design, coding, testing, etc.) to the Software Engineering community, to InfoSec, DevOps and other colleagues.
• Deliver secure software development training (e.g. OWASP Top 10).
• Co-work with Security Analysts and other colleagues on software vulnerabilities and security issues: determine scope, severity and potential impact, recommend next steps, follow through with risk treatment and mitigation.
• Act as the first Point of Contact (POC) for all application / software security issues, vulnerabilities, events, anomalies, incidents and investigations.
• Use primary and secondary data to produce analysis and reports, regular and ad-hoc.
• Present to senior and executive management on the status of our application estate and on the progress of our security plan.
You will have:
• Advanced understanding and demonstrable practical experience with the SDLC (Software Development Lifecycle)
• Good experience understanding, preventing and remedying security issues in software architecture and software development, e.g. static and/or dynamic code analysis and tools, software dependency checking, OWASP Top 10 testing, application threat modelling, SEI CERT C / J, etc.
• Good experience working in an Agile software development environment, with classic applications as well as microservices, using modern code processing and continuous integration and delivery tools (e.g. GitHub, Jenkins, Bamboo, etc.)
• Good expertise in taking security policy statements and translating them into actual, implementable, security controls and techniques that can make our software applications demonstrably more secure and robust.
• Good understanding of common information security management standards, frameworks, and laws / regulations: e.g. BSIMM, ISO 27001, GDPR, etc.
• Experience of open source security tools and how they could be used in an enterprise
• A good combination of technical, architecture and communication skills
• Pension Scheme
• Discretionary Bonus
• Childcare Vouchers
• Training Opportunities
• 25 days holiday + bank holidays
• Flexible working hours