Application Security Architect - Solution Architect AppSec - Banking - CSSLP

Posted 1 day ago by Rothstein Recruitment Ltd

Negotiable
Undetermined
Undetermined
London, UK

Summary: The Application Security Architect role involves leading security initiatives within an application development team as part of a major technology transformation in the banking sector. The position focuses on enhancing application security processes while managing a complex hybrid tech stack. The architect will be responsible for risk assessments, compliance, and fostering relationships with stakeholders to ensure secure software delivery. This role requires a blend of technical expertise and strong communication skills to navigate security challenges effectively.

Key Responsibilities:

  • Lead risk & control assessments using the Bank's defined processes, covering supplier due diligence, privacy impact assessments, and project security.
  • Support workstream in identifying and articulating risks, steering them towards appropriate treatment plans, documenting mitigating controls, and ensuring actions are completed within agreed timeframes.
  • Operate in line with the Bank's Risk Management framework and relevant risk and compliance policies, ensuring timely escalation of concerns to line manager.
  • Provide specialist advice and interpretation of Information Security best practices and UK regulatory requirements to various stakeholders.
  • Develop deep knowledge of the Bank's secure change processes and shepherd workstream through assessments and approval gates.
  • Build trust-based relationships with key stakeholders within the delivery team, including developers, testers, product managers, delivery leads, and tech leads.
  • Actively participate in the delivery team, attending daily stand-ups, PI planning sessions, and working groups.

  1. Possess a blend of technical skills (secure coding, threat modelling, SAST/DAST tooling) and SDLC experience focused on securing software throughout its lifecycle.
  2. Skilled communicator capable of conveying complex security issues to a wide audience, including non-technical colleagues.
  3. Pragmatic, delivery-focused mindset, comfortable owning outcomes and taking accountability.
  4. Build strong interpersonal relationships across engineering, product, compliance, and business teams to foster shared security ownership.
  5. Identify information security risks and enjoy finding creative solutions to problems.
  6. Wide range of information security knowledge, aware of personal knowledge gaps and able to seek support as needed.
  7. Understand the intersection of Risk Management and Information Security in a Financial Services context (3LoD model).
  8. Solid, practical experience integrating application security controls into CI/CD pipelines, with understanding of cloud security, microservices, and modern architecture.
  9. Good understanding of core privacy concepts and their application to technology change initiatives.
  10. Demonstrable experience supporting technology change initiatives to deliver solutions securely.
  11. Experience undertaking security assessments of complex systems and platforms, with primary focus on SDLC and secure coding practices.

Key Skills:

  • Technical skills in secure coding, threat modelling, SAST/DAST tooling.
  • Experience with SDLC and securing software throughout its lifecycle.
  • Strong communication skills for conveying complex security issues.
  • Pragmatic and delivery-focused mindset.
  • Ability to build strong interpersonal relationships.
  • Knowledge of information security risks and creative problem-solving.
  • Understanding of Risk Management and Information Security in Financial Services.
  • Experience with application security controls in CI/CD pipelines.
  • Understanding of privacy concepts related to technology change.
  • Experience supporting technology change initiatives securely.
  • Experience in security assessments of complex systems.

Salary (Rate): undetermined

City: London

Country: UK

Working Arrangements: undetermined

IR35 Status: undetermined

Seniority Level: undetermined

Industry: Other

Detailed Description From Employer:

Application Security Architect - Solution Architect AppSec - Banking - CSSLP

We are seeking a versatile and proactive AppSecurity Consultant Architect to join a major technology transformation programme. We are modernising our tech stack whilst preserving trust and security. You will act as the security lead in an application development delivery team working across a complex hybrid tech stack including Java/React, J2EE microservices, RPG/JSP hosted on z/OS and an API-driven architecture.

A key focus of this role will involve uplifting our application development security processes to enable the team to deliver quickly and securely. You will operate our existing secure change process whilst helping revise and uplift the application development security assurance operating model. Your work will cover metrics, templates, controls, automation, secure code practices and workflows.

Main Responsibilities

  • Risk and Control Assessments - You will lead risk & control assessments using the Bank's defined processes, covering supplier due diligence, privacy impact assessments and project security.
  • Risk Management - You will support your workstream in identifying and articulating risks, steering them towards appropriate treatment plans, documenting mitigating controls and ensuring these are actioned within agreed timeframes.
  • You will operate in line with the Bank's Risk Management framework (including sub-frameworks) and relevant risk and compliance policies and procedures, ensuring appropriate and timely escalation of any concerns to your line manager.
  • Advisory - You will provide specialist advice and interpretation of Information Security best practice and UK regulatory requirements to a range of different stakeholders as new products, processes and systems are developed.
  • You will need to be aware of your own knowledge gaps and when & where to seek specialist input to solve a particular problem or query.
  • Subject Matter Expertise - You will develop a deep knowledge of the Bank's secure change processes and procedures, shepherding your workstream through various assessments and approval gates.
  • Relationship Management - You will build deep, trust based relationships with key stakeholders within your delivery team such as developers, testers, product managers, delivery leads and tech leads.
  • You will be an active member of the delivery team, attending daily stand-ups, PI planning sessions and working groups.

  1. You have a blend of technical skills (secure coding, threat modelling, SAST/DAST tooling etc.) and SDLC experience with a focus on securing software throughout the life cycle.
  2. You are a skilled communicator, able to convey complex security issues to a wide audience, including non-technical colleagues.
  3. You have a pragmatic, delivery-focused mindset and are comfortable owning outcomes and taking accountability.
  4. You love building strong interpersonal relationships across engineering, product, compliance, and business teams to foster a culture of shared security ownership.
  5. You are great at identifying information security risks and you enjoy finding creative solutions to problems.
  6. You have a wide range of information security knowledge and crucially, you are aware of your own knowledge gaps and able to seek support and guidance as required.
  7. You understand the intersection of Risk Management and Information Security and how these relate to each other in a Financial Services business (3LoD model).
  8. Application Security - Solid, practical and demonstrable experience of integrating application security controls (technical and non technical aspects), covering SDLC and secure coding practices, into CI/CD pipelines. Understanding of cloud security, microservices and modern architecture.
  9. Privacy - You don't need to be a privacy expert, but you will require a good understanding of core privacy concepts and how these apply to technology change initiatives.
  10. Technology Change - Demonstrable experience of supporting technology change initiatives to deliver solutions securely.
  11. Risk and Control Assessments - Although your primary focus will be SDLC and secure coding practices, you'll also need experience of undertaking security assessments of complex systems and platforms.
