We are seeking a Security Architect working for one of my key clients in Birmingham.
You will be accountable for effective implementation of security requirements as part of the Software and System Delivery Lifecycle. The role will work with Project Delivery, Business Analysts, Application Development, and Architecture and Engineering functions across the group, and will support these stakeholders to build security into the solutions delivered.
This role will suit a self-starter who will be responsible to establish a DevSecOps capability for IT systems, and to ensure that we meet regulatory expectations for secure development of Strategic platforms.
This capability will enable faster time to market and reduce costs due to:
* Enforcing consistency in IT Systems delivery
* Implementing repeatable processes
* Driving tight integration with DevOps SDLC delivery to reduce threats and vulnerabilities.
You will be required to;
- Develop and provide a modern security delivery function that seamlessly integrates with development lifecycle, including overall responsibility for frameworks, tooling and training;
- Provide security design consultancy and guidance;
- Develop and maintain application threat models;
- Advise on and provide security assurance, code scanning, design walkthroughs, black and white box testing.
- Develop security functional and non-functional requirements.
- Complete High Level and Low Level Designs and other relevant artefacts required by project lifecycle;
- Maintain security technical engineering standards to meet information security policies and controls, industry standards and best practices, applicable legislative and regulatory requirements;
- Support engineering colleagues to deliver secure configurations for technology implemented;
- Contribute to technology roadmaps and product evaluation;
- Provide consultancy and guidance to stakeholders including Developers, QA/Test, Architects, Engineering, Operations and Project Managers during project lifecycle;
Skills required; .
- Security Delivery Specialists will Possesses in-depth knowledge of the Secure Software/System Delivery Lifecycle (SDL) including contemporary development methodologies such as Agile and DevOps / DevSecOps
- Subject Matter Expertise in areas such as threat modelling, application security, Cloud, DevSecOps.
- This knowledge will supplemented by a detailed knowledge of compliance, policy and control requirements for financial services.
- An excellent understanding of the following areas or technologies would be of benefit:
- Project delivery methodologies in DevSecOps
- Modern application and infrastructure security design patterns
- Secure coding practices and threat modeling
- Application security principles and development frameworks such as OWASP, OpenSAMM and BSIMM
- Integrated Development Environments and tooling
- Continuous Integration/Continuous Deployment Tools and Processes
- Penetration, vulnerability testing, code assurance tools and techniques
- Scripting and automation tools