We are looking for someone who will work closely with stakeholders to define and evolve a system security architecture that is secure by design. You will be a valued member of our Digital Delivery Centre team, contributing to the strategic direction of the technology and solutions delivered.
The Security Architect will work in conjunction with solution architects, product owners, technical leads and security champions to identify the security risks associated with our products using application security threat modelling. Once risks have been identified, the Security Architect will work with those stakeholders to identify secure architectures and requirements that meet the needs of the business. The Security Architect will identify security assurance testing regimes that are aligned with the products and support the teams through their ongoing security assurance journeys.
WHAT TO EXPECT
This role sits within the digital delivery centre in Manchester.
The role is responsible for:
* Providing consultation to product teams in security architecture and design, and conduct security reviews of new and existing products and services
* Ensuring that solutions are secure by design and are aligned with corporate security policy
* Conducting and reviewing threat models to identify security risk
* Continual collaboration with stakeholders with a view to being a key part of the product delivery teams' success
* Maintaining strong knowledge of current security threats, mitigations and operational security best practices
* Providing security training, outreach, and guidance to our internal development teams
* Supporting the analysis of business requirements and their interpretation into security deliverables
WHAT YOU'LL NEED
In this position, you'll need a strong knowledge of DevOps and DevSecOps in addition to a comprehensive knowledge of application security threat modelling and security risk management. You have fundamental experience of security architecture within agile delivery frameworks and implementing SDLC process, technology, and automation in a DevOps environment.
Knowledge, Skills and Experience:
* Qualifications in Security Management such as CISSP / CSSLP or other Security qualifications.
* At least one full project cycle in the role of Security Architect accountable for the end-to-end security architecture of a complex integrated system,
* Solid experience of the security solution architecture discipline, ideally as part of a recognised agile secure SDLC
* Strong knowledge of application security threat modelling
* Strong knowledge of OWASP secure SDLC practices
* Extensive knowledge to be able to challenge existing thinking in a positive way whilst building credibility and trust through experience and personal style
* A good communicator who can communicate complex ideas to tech and non tech people
* An effective team player, actively leads, develops and supports team members
* An individual who is resilient, energetic and enthusiastic, able to deliver results, whilst responding constructively to challenging new ideas and inputs
Desirable Technical Skills and Knowledge
* Background and previous experience of cloud-based technologies such as AWS and GCP
* Message-driven architectures
* Real-time data and stream processing
* Micro services-based architectures
* Relational, non-relational databases (NoSQL), time-series databases, data lakes and analytics