Job Description

We run a pure AWS-based cloud environment and deliver features using a continuous delivery approach. Our platform comprises a mix of proprietary and open-source products fully running in Kubernetes.

Our engineering team is growing rapidly and we're looking for experienced candidates for the position of application security architect for products security.

As an application security architect, you will perform application security reviews to identify application design flaws; Provide hands-on technical security guidance to protect our products from known and emerging threats, vulnerabilities, and intrusion attacks

• Passion to learn and to contribute to ongoing maturity of security engineering function and development of the team
• Make it easy for products, engineering and non-technical audience to embed appropriate level of security into ways of working
• Mobile Apps Secure Design - Threat modelling and risk assessment tools / services (Code Hardening, App Hardening, Runtime Application Security Protection (RASP)), Security requirements engineering, Security architecture patterns (e.g. OAuth 2.0 / OIDC security standards), Security and Privacy by Design Principles
• Security Verification - Architecture reviews, Requirements-driven testing, automation and embedding of security testing tools and frameworks into CI/CD tool chains
• Strong understanding of mobile application attack methods, kill chain disruption techniques (MITRE Framework. - Mobile)
• Security defect and vulnerability management (application and Mobile/ API pen testing exposure) - OWASP Top10/ SANS Top 25 Software Errors - Mobile security (Android & iOS)
• Familiarity with DevSecOps frameworks - OpenSAMM v2 / DSOMM, NIST Cyber Security Framework (CSF), NIST 800-53, OWASP MASVS /MASTG (Webapps/Mobile Apps)
• Exposure to architecting secure cloud services using AWS Well-architected framework
• Solid understanding of the major global regulations, legislative and legal requirements (FCA, EU-GDPR)

Careers24