Application Security Architect - Confused.com

As an Application Security Architect, you will have a good combination of technical, architecture and communication skills. You’ll work across a wide portfolio of applications, both legacy and new, covering a variety of development stack, software, services and API's. You will provide in depth and practical secure development expertise to our Data and IT teams. You will lead in the creation of secure software design, build and delivery standards, policies and procedures and will provide security advice to colleagues. In conjunction with our InfoSec team, you’ll be monitoring the security health of our application estate, as well as our external attack surface (Cloud and OnPrem), and you’ll be producing reports and continuously recommending improvements in our software security practices and controls, both external and internal

Key responsibilities

• Designing secure software development and delivery systems with objectives like speed, scalability, robustness, zero-trust, automation and supportability at the core
• Ensuring that our application estate is built, deployed, delivered and operated securely, according to industry standards, as well as our own
• Providing expert software security advice (design, coding, testing, etc) to the IT team, InfoSec, DevOPS and other colleagues
• Running threat modelling sessions with Product Owners
• Carrying out research and regularly consulting with colleagues
• Delivering secure software development training (e.g. OWASP Top10)
• Working with colleagues on software vulnerabilities and security issues: determining scope, severity and potential impact, recommending next steps, following through with risk treatment and mitigation
• Escalating issues, appropriately, to various teams and levels of authority inside the organisation
• Acting as the first Point of Contact (POC) for all application and software security issues, vulnerabilities, events, anomalies, incidents and investigations

Your experience will include

• Microsoft Azure
• Communication protocols and patterns (HTTP, UDP, TCP/IP, FTP, SOAP, REST etc..)
• Excellent communication skills tailored to the audience (technical/non-technical)
• Working with (understanding, preventing and remedying) security issues in software architecture, software development, e.g. static and/or dynamic code analysis and tools, software dependency checking, OWASP Top10 testing, application threat modelling, good experience working in an Agile software development environment with classic applications as well as microservices, using modern code processing and continuous integration and delivery tools
• Taking security policy statements and translating them into actual, implementable, security controls and techniques that can make our software applications demonstrably more secure and robust
• An understanding of common information security management standards, frameworks, and laws / regulations: e.g. ISO 27001, NIST, GDPR, etc
• Experience of open source security tools and how they could be used in an enterprise

About Confused.com

As the first ever price comparison site in the UK, we’ve been trailblazers in the industry and in the technology sector since we began. Yet our success is built on more than tech. We’ve developed a strong and vibrant culture, where people who enjoy doing what they do are constantly finding ways to do it even better. Our passion, our honest and open approach and our focus on collaboration mean that we were recently named the fourth best large marketing place to work by Campaign. So come and join us! We look forward to your application.

Some of our benefits:

• Discretionary cash bonus based on personal and business performance
• Free share scheme where you receive £3,600 worth of shares every year
• 31 days’ holiday including bank holidays, plus extra time for good health
• Group pension scheme
• Opportunity for flexible working patterns, including working remotely
• Group Life Assurance
• Training and development opportunities
• Subsidised gym membership
• Cycle-to-work scheme
• Staff discounts scheme
• Discounted insurance offers
• Discounted healthcare scheme

Think you’ve got what it takes?  
Complete the application form and send us your CV

#LI-LP1