Product Security Architect

Posted 1 day ago by Fruition Group

Rate: Negotiable
IR35: Outside
Working arrangement: Remote
Location: England, United Kingdom

Summary: The Product Security Architect role is a contract position focused on shaping Product Security for an international technology organization. The position involves defining and evolving a group-wide Product Security strategy while collaborating with various teams to integrate security practices into development workflows. The role requires extensive experience in application security and software development, with a strong emphasis on secure coding and compliance. This position is remote and outside IR35, offering a strategic influence in a federated environment.

Key Responsibilities:

  • Define, lead, and evolve a group-wide Product Security and Secure SDLC (SSDLC) strategy across all business units.
  • Assess current AppSec capabilities, identify gaps, and implement practical, scalable improvements.
  • Collaborate with Product Architects, engineering, and security teams to integrate security into GitHub, CI/CD pipelines, and development workflows.
  • Provide architecture guidance and implement secure coding practices, threat modelling, and security tooling.
  • Partner with stakeholders to define AppSec KPIs, monitor metrics, and report on security posture.
  • Oversee Secure by Design initiatives, including project execution, vendor management, and integration with third-party tools.
  • Advise on regulatory compliance, secure infrastructure as code, APIs, and modern DevSecOps principles.

Key Skills:

  • 8+ years' experience in software development and application security, with recent experience in AppSec leadership or Security Architecture roles.
  • Proven experience in embedding security practices into enterprise-scale product development.
  • Expertise in secure software development lifecycle, threat modelling, and security architecture.
  • Strong GitHub knowledge, including security architecture for CI/CD pipelines.
  • Experience with AppSec tooling.
  • Familiarity with DevSecOps practices, cloud-native environments, and container security.
  • Professional security certifications highly desirable (CISSP, CSSLP, CISM, or AppSec-specific).
  • Experience in federated environments, regulated industries, or large enterprises is advantageous.
  • Excellent communication skills for collaborating with technical teams and business leaders.

Salary (Rate): undetermined

City: England

Country: United Kingdom

Working Arrangements: remote

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Job Title: Product Security Architect (Contract)
Location: UK-based / Remote
Contract: 3 months initially, Outside IR35

Why Apply? This is an opportunity to play a key role in shaping Product Security for an international technology organisation. The role offers exposure to a federated environment across multiple business units, providing strategic influence and hands-on technical impact.

We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation or age.