Senior Specialist Security Architect

United Kingdom
Job ID: 1345

Job Description

Our client is looking for a Security Architect to join their expanding Security Architecture team. This is an active, solutions-focussed role, working on a range of architecture activities, directly influencing the CyberSecurity posture of projects, as well as helping steer the longer-term security strategy of the firm.

Ideally you will have a strong technical background, with a firm understanding of enterprise systems, the security threats and attack patterns that a modern enterprise faces, and how the application of security architecture can help mitigate these. Alongside the Head of Security Architecture, the role involves working at all levels: with the CISO and direct reports on cyber strategy, with the CIO and chief architects on design and roadmaps, and with delivery/engineers on the security details of their systems.

The candidate will have a broad knowledge of the security technologies and capabilities used in an enterprise, and increasingly cloud-based, environment. The candidate will also have a deep knowledge of one area, e.g. networking, system administration, application design, data security, authentication engineering, securing payments systems etc.

This role will play a key part in evangelising the benefits of Security Architecture and will contribute to the continuous improvement of the offerings and the team’s agenda towards Secure By Design.

Role Responsibilities:

  • Monitors and assesses threats, taking appropriate action or escalating as appropriate

Key Functions of the role:

  • Working with technical architects to ensure security is built into the design of active development projects
  • Translating business security requirements into technical controls/designs.
  • Translating security requirements into a system design.
  • Analysing legacy systems to identify key architectural risks, and recommending improvements
  • Producing quality security design patterns/blueprints
  • Contribution to the group CyberSecurity strategy
  • Working as SME in security policies, standards and procedures
  • Articulating CyberSecurity requirements in product selections/RFP
  • Produce Knowledge Transfer material related to the team’s processes
  • Contribute to formulating the team’s direction
  • Understand the group Cyber Security Strategy and be able to deputise on behalf of CISO / Head of Security Architecture on project boards/committees etc.
  • Understand the business context of technology platforms, and be able to deputise on behalf of business in technical security matters
  • Evangelise Security Architecture as an enabler as opposed to a blocking point

Technical Experience and Knowledge:

  • Threat modelling experience
  • Knowledge of enterprise/security architecture frameworks
  • Thorough understanding of the latest security principles, techniques and protocols
  • Critical thinker
  • Problem-solving skills, ability to work under pressure and self-starter
  • Deep understanding of common as well as emerging vulnerabilities and how they manifest in different types of applications (web applications, thick clients, APIs, etc)
  • Familiarity with OWASP Top 10, SANS Top 25, NIST / CSC, CIS etc.
  • Proven ability to influence; Good verbal and written communication skills, with strengths in communicating security concepts to non-security minded technical audiences
  • Fast learner - Willing to expand skillset and rapidly understand new technologies
  • Practical application of lessons learned into the team’s practices

Additional Skills:

  • Security industry-specific technical accreditations such as GIAC or other certifications demonstrating core technical skills
  • Previous experience in the finance industry/financial markets infrastructure and/or technology sector
  • Previous experience in security testing

Good understanding in some of the below areas:

    • Familiarity with modern development methodologies - Agile, DevOps and SecDevOps
    • Knowledge of modern authentication systems/IAM
    • Understanding of data security/cryptography/PKI
    • Security in IaaS, PaaS and SaaS
    • Security in mobile computing
    • Network segregation in physical and virtualised environments
    • Working knowledge of at least one programming language
    • Detailed technical knowledge of database and operating system security
    • Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management and content filtering
    • Ability to deliver hands-on training sessions
