Application Security Architect

GB  ‐ Onsite
This project has been archived and is not accepting more applications.

Description

Experienced Application Security Architect needed to establish a Secure SDLC and "secure by design" approach within an established development team.

You will work across a wide portfolio of applications, both legacy and new, covering a variety of development stacks, software, services, APIs and systems. Embedded in the Software Engineering team, you will provide in-depth and practical secure development expertise to engineering, InfoSec, Data, IT and other teams. You will lead the creation of secure software design, build and delivery standards, policies and procedures.

Core Responsibilities

  • Design secure software development and delivery systems with objectives like speed, scalability, robustness, zero-trust, automation and supportability at the core.
  • Ensure that the application estate is built, deployed/delivered and operated securely, according to industry standards, as well as our own.
  • Provide expert software security advice (design, coding, testing, etc.) to the Software Engineering community, to InfoSec, DevOps and other colleagues.
  • Do research and regularly consult with colleagues.
  • Deliver secure software development training (e.g. OWASP Top 10).

You will have:

  • Advanced understanding of, and demonstrable practical experience with, the SDLC (Software Development Lifecycle), e.g. in a Developer, SDET, Senior Tester/QA analyst, Application Architect, Product/API designer or similar role; minimum 5 years of experience required. Coding experience in more than one language from: C/C++/C#, .NET, .NET Core, Java, JavaScript, Node.js, Angular, React, etc.
  • Good experience working with (understanding, preventing and remedying) security issues in software architecture and software development, e.g. static and/or dynamic code analysis and tools, software dependency checking, OWASP Top 10 testing, application threat modelling, SEI CERT C/J, etc.
  • Good experience working in an Agile software development environment, with classic applications as well as microservices, using modern code processing and continuous integration and delivery tools (e.g. GitHub, Jenkins, Bamboo, etc.).
  • Good expertise in taking security policy statements and translating them into actual, implementable security controls and techniques that can make our software applications demonstrably more secure and robust.
  • Good understanding of common information security management standards, frameworks, and laws/regulations, e.g. BSIMM, ISO 27001, GDPR, etc.

If interested in this contract, please submit your CV for immediate review.

Start date: ASAP
Duration: 6 months
From: Required IT Limited
Published at: 07.03.2021
Project ID: 2064479
Contract type: Freelance