Application Security Architect

Posted 3 days ago

Application Security Architect - £90,000 - £100,000 base, 15% bonus, + Great benefit package

We are working with a global e-commerce firm that is seeking a highly competent, committed, and passionate architect to strengthen their team as they build robust application security architectures to protect their customers, partners, and colleagues.

The Application Security Solution Architecture team, part of the larger cyber security group at a global e-commerce company, defines security architecture patterns for cloud-native services, delivers security design artifacts, develops security standards, and leads the adoption of these patterns in development projects across all departments.

Responsibilities:

- Security Architecture and Design engagements, including Threat Modelling for strategic platforms and systems with modern software architectures and advanced tech stacks.
- Drive the security architecture decisions and guide the security implementation for critical strategic systems.
- Lead the adoption of the Security and Privacy by-design principles with architects and development teams.
- Develop application security architecture patterns covering cloud-native services, security design artefacts, and architecture standards in alignment with Tesco’s cyber security strategy, industry standards, and regulatory requirements.
- Perform threat modelling for strategic application systems, discover the security design flaws and technology weaknesses, and define the security design requirements to address the inherent cyber threats.
- Influence decision-makers to improve the application architecture patterns to strengthen security.
- Develop security standards for both front-end and back-end technologies and provide guidance on the secure development of applications and web services.
- Develop and maintain secure DevOps and GitOps architecture blueprints covering leading tools & solutions.
- Deliver application security design advisory for changes in architectural pattern and migration roadmaps.
- Selection of technical controls to strengthen security of application runtime environments.

Qualifications:

- Experience with developing application security architecture patterns and design principles.
- Experience with Apps/API solution-level threat modelling and deep-dive technical security assessments.
- Experience with Kubernetes, Docker containers and preferably GitHub Actions (or other CICD frameworks).
- Experience in application security frameworks and securing the front-end and back-end technologies.
- Strong understanding of inherent application design flaws and gaps in different architectures.
- Experience with modern SDLC methodologies and technologies.
- Strong understanding of application attack tactics and techniques (MITRE Framework), security maturity models (OpenSAMM, BSIMM), security framework (NIST CSF), security standards (OWASP, SANS Top 25), regulations (GDPR, PA-DSS).
- Collaborating with software architects, product leaders and cross-functional security.
- Certifications such as CISSP, CSSLP, SANS GDSA or SANS GWEB will be an advantage.