Senior Specialist Security Architect
Our client is looking for a Security Architect to join their expanding Security Architecture team. This is an active, solutions-focussed role, working on a range of architecture activities, directly influencing the CyberSecurity posture of projects, as well as helping steer the longer-term security strategy of the firm.
Ideally you will have a strong technical background, with a firm understanding of enterprise systems, the security threats/attack patterns which a modern enterprise faces, and how application of security architecture can help mitigate these. Alongside the Head of Security Architecture, the role involves working at all levels, with CISO + directs on cyber strategy, CIO/chief architects on design/roadmaps, and with delivery/engineers on the security details of their systems.
The candidate will have a broad knowledge of the security technologies and capabilities used in an enterprise, and increasingly cloud-based, environment. The candidate will also have a deep knowledge of one area, e.g. networking, system administration, application design, data security, authentication engineering, securing payments systems etc.
This role will be key in evangelising the benefits of Security Architecture and will contribute to the continuous improvement of the offerings and the team’s agenda towards Secure By Design.
Key Functions of the role:
- Monitors and assesses threats, taking appropriate action or escalating as appropriate
- Working with technical architects to ensure security is built into the design of active development projects
- Translating business security requirements into technical controls/designs.
- Translating security requirements into a system design.
- Analysing legacy systems to identify key architectural risks, and recommending improvements
- Producing quality security design patterns/blueprints
- Contribution to the group CyberSecurity strategy
- Working as SME in security policies, standards and procedures
- Articulating CyberSecurity requirements in product selections/RFP
- Produce Knowledge Transfer material related to the team’s processes
- Contribute to formulating the team’s direction
- Understand the group Cyber Security Strategy and be able to deputise on behalf of CISO / Head of Security Architecture on project boards/committees etc.
- Understand the business context of technology platforms, and be able to deputise on behalf of business in technical security matters
- Evangelise Security Architecture as an enabler as opposed to a blocking point
Technical Experience and Knowledge:
- Threat modelling experience
- Knowledge of enterprise/security architecture frameworks
- Thorough understanding of the latest security principles, techniques and protocols
- Critical thinker
- Problem-solving skills, ability to work under pressure and self-starter
- Deep understanding of common as well as emerging vulnerabilities and how they manifest in different types of applications (web applications, thick clients, APIs, etc)
- Familiarity with OWASP Top 10, SANS Top 25, NIST / CSC, CIS etc.
- Proven ability to influence; Good verbal and written communication skills, with strengths in communicating security concepts to non-security minded technical audiences
- Fast learner - Willing to expand skillset and rapidly understand new technologies
- Practical application of lessons learned into the team’s practices
- Security industry-specific technical accreditations such as GIAC or other certifications demonstrating core technical skills
- Previous experience in the finance industry/financial markets infrastructure and/or technology sector
- Previous experience in security testing
Good understanding in some of the below areas:
- Familiarity with modern development methodologies - Agile, DevOps and SecDevOps
- Knowledge of modern authentication systems/IAM
- Understanding of data security/cryptography/PKI
- Security in IaaS, PaaS and SaaS
- Security in mobile computing
- Network segregation in physical and virtualised environments
- Working knowledge of at least one programming language
- Detailed technical knowledge of database and operating system security
- Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management and content filtering
- Ability to deliver hands-on training sessions