Application Security Architect

The Bridge Ltd

2021-12-03 08:58:13

Job location Barkingside, Greater London, United Kingdom

Job type: full-time

Job industry: I.T. & Communications

Job Contact: Sarah Copley

Job description

My London-based client is looking to recruit an experienced Security Architect to act as a change agent and ambassador for cyber security, promoting and driving security improvement. As part of the Information Security team, we work hand in hand with Digital Delivery, enabling our squads to build and release world-class secure products. You will identify and assess security threats and risks, support our digital squads in design and remediation, and provide consultancy to architect secure solutions.

The Security Architect will work in the Applications arena (AppSec) leading Application Security, working with digital squads, enabling them to build and release secure world-class products.
Being the SME for AppSec, the role will drive the application Security roadmap, aligning it to Business Risks and Objectives. The candidate will integrate into a dynamic agile environment where we deploy hundreds of times per week.

As Application Security Lead you will:

Promote AppSec, embedding secure-by-design and secure-by-default into our SDLC
Provide support on threat modelling and design reviews
Bootstrap security into teams, educating developers, scaling up security champions
Provide hands-on support resolving security issues
Drive security improvements to our CI/CD pipelines, enabling shift-left development
Improve in-house security tooling and solutions

Technically, you will possess the following:

Application Security background, with experience in C#, .NET, JavaScript/TypeScript
Experienced working with cloud-native platforms, serverless applications and microservices using Azure PaaS
Good understanding of the threats to Web applications & APIs, and how to mitigate them
Experience working within an agile environment, and with teams delivering Continuous Integration/Continuous Delivery (CI/CD)
Experience with application security testing tools and solutions throughout the SDLC, e.g. SAST, DAST, IAST, SCA, WAF
Threat modelling & threat intelligence experience
Identity and Access Management: modern web-based methods of authentication, OIDC, OAuth
Offensive Security - Hands-on experience of vulnerability assessments and penetration testing using Burp Suite, Kali Linux or similar
Experience in FinTech businesses, and in consumer lending or Credit Card issuing
Knowledge of security and compliance frameworks and standards, e.g. PCI-DSS, ISO 27001, GDPR
Familiar with Infrastructure as Code and Compliance as Code
Mobile application security
Azure AZ-300, AZ-301, AZ-500 or similar
CISSP, CLSSP, OSCP

In return, you will be offered an attractive salary and benefits package.
