You must be a highly skilled technology expert responsible for the architecture and design of the security aspects of products built in-house and ensuring alignment with the company technology strategy. In this role you will work closely with project teams throughout the organisation ensuring security is thought about and delivered early in the project lifecycle. You will often be supporting multiple projects simultaneously and will have to ensure timely delivery of security inputs. You will also help design standards and controls necessary to ensure the security of information systems assets, including prevention of intentional & inadvertent access, modification, disclosure, or destruction.
As a trusted business partner you will provide insightful and timely security advice that enables company business initiatives to move at pace whilst ensuring risks are clearly articulated and appropriately managed.
- Work closely with software Architects and make new projects secure from the first phases of SDLC together with them.
- Conduct Threat Modelling workshops with development teams and product stakeholders and identify the threats that need to be addressed during the development of new projects.
- Champion application security throughout the software development lifecycle
- Work as part of a team delivering against the architectural strategy and roadmap
- Build strong business relationships with partners to understand mutual goals, requirements, options and solutions to complex or intangible software security issues
- Provide full-service engagement, offering ideas, options, solutions and advice to projects
- Develop plans for security technologies that integrate effectively with other aspects of the technical infrastructure
- Work as part of teams building software providing security guidance
- Facilitate the development and communication of Security standards for software & systems design, development and deployment
- Use and promote software, systems and operational security design methodologies
- Research and evaluate emerging technologies to detect, mitigate, triage, and remediate software security defects across the enterprise
- Work with application and product teams to encourage a security mindset throughout product development processes from concept to testing and implementation
- Integrate application security requirements into development Agile Methodologies (Scrum) and support Continuous Delivery pipelines
Essential Skills & Experience
- Must have experience as part of a complex architecture/development practice, working on multiple large and complex projects simultaneously
- Demonstrable impact on strategic development of technology in a medium or large sized company
- Experience of managing and performing security assessments (design review & pen test)
- Excellent understanding of threats, vulnerabilities and risk. Ability to help people to clearly and accurately articulate complex threats and risks, controls and mitigations.
- Technical experience with any of the following is advantageous: AngularJS, Node.JS, Java, Spring, web services, JMS, AJAX, Oracle Coherence and HA & DR
- Ability to find solutions to seemingly intractable security problems
- Able to take a holistic view of technology across the business
- Strategic thinker with a proven ability to innovate
- Strong communication and documentation skills – ability to communicate with technical and non-technical audiences at all levels of the organization
- Flexible attitude and ability to meet deadlines under pressure
Desirable Skills & Experience
- Exposure to highly-transactional or very high throughput systems
- Exposure to an enterprise architecture framework is an advantage (TOGAF, SABSA etc.)
- Broad technical knowledge and ability to pick up new technologies quickly