Application Security Architect

Admiral Financial Services (AFSL) is the young, energetic lending arm of Admiral Group. Based on the 11th floor in Ty Admiral, we have the freedom to innovate like a small start up with the fortunate support of Admiral Group.

The journey started for us when we launched unsecured personal loans in June 2017. We went on to be the first direct to consumer car finance provider in December 2017 and since then, we have gone from strength to strength!

With ambitious plans for 2020, we’re looking for someone who is keen to learn, excited about getting stuck in and ready for a challenge. Our vision is simple, we’re creating a special lending business for our customers whilst also ensuring AFSL is a fantastic place to work.

As a business, it’s important that our staff are transparent, creative, curious and challenge with care, all whilst being actively involved in our culture.

We support and understand the need for flexible working and on this basis the successful candidate can expect a balance of remote and home working.

The Role

We are now looking for an Application Security Architect to join a newly formed Cyber Security function.

The Application Security Architect will become a member of a small team who will work with colleagues within Admiral Financial Services and the Admiral Group.

Working with the Head of Cyber Security, but very much embedded with amongst our developers and DevOps teams. You will be a critical part of improving our development processes and embedding a Secure by Design and DevSecOps culture. This will require identifying security requirements and risks in our development activities, supporting delivery of those improvements, and helping to provide assurance back to the business. You will continue to support our “shift left” ensuring we manage risk and embed security earlier into our agile development lifecycle and drive forward improvements to our CI/CD pipeline.

You will be an organised, enthusiastic self-starter, a problem solver and to top it off a great communicator, able work closely with our developers any third parties that might be involved in the delivery of our security services to the business. You will be someone that people can trust and turn to for expert knowledge, and advice on anything related to application security, passionate about the subject and able to upskill those around you.

Essential:

• Good knowledge of web-based technologies
• Experience of developing in AWS, and certified.
• Previous experience in application security role
• Experience as a developer, supporting software developers, CI/CD pipeline improvement and DevOps Teams
• Coding in more than one language, our primary languages are Go and Python
• Delivering threat modelling exercises as part of sprints.
• Working with (understanding, preventing and remedying) security issues in software architecture, software development, e.g. static and/or dynamic code analysis and tools, software dependency checking, OWASP Top10 testing, application threat modelling
•  Good experience working in an Agile software development environment, with classic applications as well as microservices, using modern code processing and continuous integration and delivery tools (e.g. Bitbucket, Drone, Concourse, etc)
• Developed formal application security patterns, that are clearly understood and implementable.
• Established security controls and techniques that software applications demonstrably more secure and robust.
• An understanding of common information security management standards, frameworks, and laws / regulations: e.g. BSIMM, ISO 27001, GDPR, etc.
• Experience of open source security tools and how they could be used in an enterprise
• Knowledge and experience in the principle security domains (e.g. architecture, logging &
• monitoring, security operations, risk management, etc.)
• Broad knowledge of information security exploits and threats
• Delivering security training and awareness to development teams (OWASP)
• Ability to independently manage workload effectively
• Effective communication and interpersonal skills

Desirable:

• Degree level qualification in a related technology discipline (i.e. Security, Computing, Information Systems)
• Experience working in financial sector/financial products desirable
• Security specific qualifications e.g. CISSP, CISM, CCP, CSSLP, GWEB, GSSP
• Good understanding of regulatory requirements in the financial sector
• Any other cloud Technology certifications Azure/Google

About Admiral

We're Wales’ only FTSE 100 company. We have forward-thinking approaches and provide endless opportunities to test, learn and grow. There's a reason we've been named a Best Place to Work: our progressive culture, core values, and commitment to diversity and inclusion have created a working environment where people share ideas, aren’t afraid to speak up and change things, and above all, feel valued.

Admiral has grown from being a small start-up into a multi-national organisation. The company is constantly investigating new products, services and markets and is now present in eight countries with a diverse product portfolio.

Our success goes hand-in-hand with having a strong culture where we put our people and customers first. Our philosophy is simple yet effective: people who like what they do, do it better, and this, in turn, means that our customers receive the level of service and products that they deserve. Our culture is honest, open and wholeheartedly focused on four key areas:

Communication, Equality, Reward & Recognition, and Fun.

Salary, Benefits and Work-Life Balance

We do not have a set salary for this position, as it will be dependent on the successful candidate’s experience. We are happy to see CVs from all candidates who meet the requirements and will be happy to discuss the remuneration package.

At Admiral, we are proud to be a diverse business where we put our people and customers first. We have great benefits to ensure employees have a great work-life balance; it's one of the reasons we're voted no. 1 in the 2019 Sunday Times Best Big Companies to Work For in the UK. We want you to have an element of freedom to define a working lifestyle that supports this, so accommodate flexible hours wherever possible.

Please note, we are unable to accept CVs via email.