Our client is looking for a permanent Application Security Architect to establish and embed a Secure SDLC and 'secure by design' approach and practice throughout all of its software engineering teams.
The right candidate must have a good combination of technical, architecture and communication skills. They will work across a wide portfolio of applications, both legacy and new, covering a variety of development stacks, software, services, APIs and systems. Embedded in the Software Engineering team, they will provide in-depth and practical secure development expertise to Engineering, InfoSec, Data, IT and other teams. They will lead the creation of secure software design, build and delivery standards, policies and procedures, and will provide security advice to colleagues. Together with the Security Analysts, they will monitor the security health of the application estate and of the external attack surface (cloud and on-premises), produce reports, and continuously recommend improvements to software security practices and controls, both external and internal.
The role will involve:
Design secure software development and delivery systems with objectives like speed, scalability, robustness, zero-trust, automation and supportability at the core.
Ensure that the application estate is built, deployed/delivered and operated securely, according to industry standards, as well as our own.
Provide expert software security advice (design, coding, testing, etc.) to the Software Engineering community, to InfoSec, DevOps and other colleagues.
Do research and regularly consult with colleagues.
Deliver secure software development training (e.g. OWASP Top 10).
Co-work with Security Analysts and other colleagues on software vulnerabilities and security issues: determine scope, severity and potential impact, recommend next steps, follow through with risk treatment and mitigation.
Escalate issues, appropriately, to various teams and levels of authority inside the organisation.
Act as the first Point of Contact (POC) for all application / software security issues, vulnerabilities, events, anomalies, incidents and investigations.
Please apply for the role if you have an advanced understanding of, and demonstrable practical experience with, the SDLC (Software Development Lifecycle), e.g. in a Developer, SDET, Senior Tester/QA Analyst, Application Architect, Product/API Designer or similar role.
Your experience will include:
Working with (understanding, preventing and remedying) security issues in software architecture and software development, e.g. static and/or dynamic code analysis and tools, software dependency checking, OWASP Top 10 testing, application threat modelling and the SEI CERT C and Java secure coding standards, together with good experience working in an Agile software development environment, with classic applications as well as microservices, using modern source control and continuous integration and delivery tools (e.g. GitHub, Jenkins, Bamboo, etc.).
Taking security policy statements and translating them into actual, implementable security controls and techniques that make software applications demonstrably more secure and robust.
An understanding of common information security management standards, frameworks and laws / regulations, e.g. BSIMM, ISO 27001, GDPR, etc.
Experience of open source security tools and how they could be used in an enterprise.
This role will allow 1 or 2 days a week working remotely, with the rest being office based. The role is fully remote while the COVID-19 measures are in place. It's a great role with great career and professional development opportunities. Please apply with your Word CV for more information.
Please note that due to a high level of applications, we can only respond to applicants whose skills and qualifications are suitable for this position.
No terminology in this advert is intended to discriminate against any of the protected characteristics that fall under the Equality Act 2010.
Bowerford Associates Ltd is acting as an Employment Agency in relation to this vacancy.