Application Security Architect

  • Location:

    London, Greater London, England

  • Sector:

    Information Security

  • Job type:

    Permanent

  • Salary:

    Excellent Salary and Benefits package

  • Contact:

    Sarah Copley

  • Contact email:

    Sarah@thebridgeit.com

  • Contact phone:

    0113 386 8552

  • Job ref:

    2851SC

  • Published:

    25 days ago

  • Expiry date:

    2021-12-24

  • Consultant:

    Sarah Copley

My London-based client is looking to recruit an experienced Security Architect to act as a change agent and ambassador for cyber security, promoting and driving security improvement. As part of the Information Security team we work hand in hand with Digital Delivery, enabling our squads to build and release world-class secure products. You will identify and assess security threats and risks, support our digital squads in design and remediation, and provide consultancy to architect secure solutions.
The Security Architect will work in the Applications arena (AppSec) leading Application Security, working with digital squads, enabling them to build and release secure world-class products.
Being the SME for AppSec, the role will drive the application Security roadmap, aligning it to Business Risks and Objectives. The candidate will integrate into a dynamic agile environment where we deploy hundreds of times per week.
As Application Security Lead you will:
• Promote AppSec, embedding secure-by-design and secure-by-default into our SDLC
• Provide support on threat modelling and design reviews
• Bootstrap security into teams, educating developers, scaling up security champions
• Provide hands-on support resolving security issues
• Drive security improvements to our CI/CD pipelines, enabling shift-left development
• Improve in-house security tooling and solutions

Technically, you will possess the following:

• Application Security background, with experience in C#, .NET, JavaScript/TypeScript
• Experienced working with cloud-native platforms, serverless applications and microservices using Azure PaaS
• Good understanding of the threats to Web applications & APIs, and how to mitigate them
• Experience working within an agile environment, and with teams delivering Continuous Integration / Continuous Delivery (CI/CD)
• Experience with application security testing tools and solutions throughout the SDLC, e.g. SAST, DAST, IAST, SCA, WAF
• Threat modelling & threat intelligence experience
• Identity and Access Management - modern web-based methods of authentication, OIDC, OAuth
• Offensive Security - Hands-on experience of vulnerability assessments and penetration testing using Burp Suite, Kali Linux or similar
• Experience in FinTech businesses, and in consumer lending or Credit Card issuing
• Knowledge of security and compliance frameworks and standards, e.g. PCI-DSS, ISO 27001, GDPR
• Familiar with Infrastructure as Code and Compliance as Code
• Mobile application security
• Azure AZ-300, AZ-301, AZ-500 or similar
• CISSP, CLSSP, OSCP

In return, you will be offered an attractive salary and benefits package.