£800 Per day
Undetermined
Hybrid
London Area, United Kingdom
Summary: The Security Architect (API / Product Security) role focuses on enhancing security within application development and product architecture, requiring strong collaboration with engineering teams and senior stakeholders. The position emphasizes the integration of security practices into existing workflows while minimizing friction for developers. The role is hybrid, requiring three days on-site in London, and is expected to last for six months or more. The ideal candidate will possess a solid background in security across various domains and modern application development practices.
Key Responsibilities:
- Provide engineering and product teams with direction and guidance for all security matters.
- Help product teams deliver new business features securely while balancing technical and business risk.
- Drive the deployment/integration of security capabilities into engineering teams within the product domain.
- Lead security initiatives such as developing security requirements, threat modelling, and vulnerability reduction.
- Support teams in mobile application, web application, cloud, and data security with threat modelling and security advice.
- Facilitate risk remediation and challenge decisions and the status quo.
- Conduct assurance activities like penetration testing and app assurance.
- Build quarterly/monthly roadmaps for security activities and plan them.
Key Skills:
- Solid security experience across common security domains.
- Thorough understanding of modern application development practices.
- Excellent interpersonal, facilitation, and leadership skills.
- Ability to provide security guidance throughout the product development lifecycle.
- Experience in developing threat models and embedding security by design.
- Good understanding of web technologies, REST APIs, microservices, and mobile apps.
- Experience in browser security or mobile app security is desirable.
- Familiarity with industry standards such as OWASP ASVS and CIS benchmarks.
- Hands-on experience with Azure and AWS architectures, especially containerized workloads.
- Command-line/API experience is highly desirable.
- Some coding experience in Java, HTML, or JavaScript is a plus.
- Knowledge of PCI-DSS is desirable.
- Evidence of completed projects in security engineering or related areas.
- Azure or AWS cloud security certifications preferred.
Salary (Rate): £800 daily
City: London
Country: United Kingdom
Working Arrangements: hybrid
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
Security Architect (API / Product Security)
Retail
Hybrid: 3 days onsite per week in London
6 months+
£750 - £800 per day
In short: We require a strong, application-focused Security Architect with a keen background in development or at least the ability to assure a product’s architecture and have low-level, detailed conversations with engineers on the product whilst also facing off to more senior stakeholders in the business.
In full: You will be responsible for augmenting the Security Architecture team with speciality skills and help scale our security presence across the wider technology and infrastructure teams.
- Provide engineering and product teams with direction and guidance for all security matters.
- Help product teams deliver new business features securely while balancing and clearly articulating technical and business risk.
- You will be expected to drive the deployment/integration of security capabilities into engineering teams within the product domain.
- You will drive security initiatives such as developing security requirements, threat modelling, strengthening application security, vulnerability reduction, etc., with the engineering teams.
- Reducing friction is paramount and we are all about fast feedback within existing workflows, not adding another console for a developer to check.
- Support teams in a collaborative manner in matters of mobile application, web application, cloud and data security, with threat modelling, risk treatment and security advice across all security domains.
- If you can raise a PR to fix a security issue, do so.
- Facilitate risk remediation but also challenge decisions and the status quo.
- Facilitate assurance activities such as penetration testing, purple testing and app assurance.
- Build quarterly/monthly roadmaps for security activities and plan them.
You will need
To excel in this position, we expect you to have the following:
- Solid security experience across common security domains – the technology might have changed but most of the security challenges have not.
- A thorough understanding of modern application development practices so that security capabilities can be introduced and embedded while minimising developer friction.
- Excellent interpersonal, facilitation, and leadership skills along with effective communication (both written and verbal) skills.
- Be able to provide security guidance to engineering teams throughout the product development lifecycle.
- Be able to develop threat models and attack trees, and embed security by design in product engineering efforts.
- Good understanding of web technologies, REST APIs, microservices, modern application development, and mobile apps. Good understanding of software architecture, DevSecOps, and network security.
- Experience in browser security or mobile app security is desirable.
- Good understanding of industry standards such as OWASP ASVS, OWASP Top 10, and CIS benchmarks.
- Hands-on experience with complex Azure and AWS architectures with an emphasis on containerised workloads.
- Command-line/API experience is highly desirable as security automation is a strategic priority.
- Some coding experience in something is always a plus - Java, HTML, JavaScript. You do not need to “be a developer” but you do need to understand the implications of security on engineering velocity.
- Knowledge of and experience with PCI-DSS will be desirable.
- Multiple examples of completed projects in security engineering or closely related areas.
- Azure or AWS cloud security certifications (preferred).
Candidates will ideally show evidence of the above in their CV in order to be considered.
Please be advised that if you haven't heard from us within 48 hours, then unfortunately your application has not been successful on this occasion. We may, however, keep your details on file for any suitable future vacancies and contact you accordingly.
Pontoon is an employment consultancy and operates as an equal opportunities employer. We use generative AI tools to support our candidate screening process. This helps us ensure a fair, consistent, and efficient experience for all applicants. Rest assured, all final decisions are made by our hiring team, and your application will be reviewed with care and attention.