Senior DevSecOps Architect
A great opportunity for a skilled and experienced Senior DevSecOps Architect at the Director level to play a crucial role in developing and implementing security architecture for complex infrastructure and applications in a challenging and exciting business environment.
Responsibilities:
* Lead the development and implementation of security architecture for complex infrastructure and applications.
* Collaborate with product management and engineering teams to develop solutions to critical projects.
* Provide mentorship and strategic guidance to partner teams within the division and across the organisation.
* Conduct application threat modelling and risk assessments.
* Stay up-to-date with the latest threats and vulnerabilities in web, API, and enterprise applications.
* Address unique security considerations related to cloud computing and integrate cloud with on-premise services.
* Utilise your expertise in CI/CD practices, pipelines, and build tools.
* Mitigate threats and vulnerabilities to protect customer data and applications.
* Conduct secure code review and software composition analysis.
* Perform dynamic application security testing, including penetration testing and red team assessments.
Requirements:
* Extensive experience with technical lead/architectural responsibilities in building enterprise web applications.
* Proven leadership skills and ability to mentor and collaborate with application architects, engineering, and product teams.
* Deep understanding of threats and vulnerabilities in web, API, and enterprise applications.
* Extensive technical knowledge of security technologies related to application security.
* Familiarity with cloud architectures, including SaaS, PaaS, and IaaS, and their unique security considerations.
* Experience with application security products and solutions for secure code review, penetration testing, and red team assessment.
* Experience in AppSec Testing (SAST, DAST, SCA, IAST).
* Experience in DevSecOps (CI/CD, Automation) and common code vulnerabilities (XSS, SQLi, etc.) in popular programming languages and open-source packages (Java, Node.js, Spring, etc.).
* Working knowledge and experience with "Cloud Architectures" (e.g., SaaS, PaaS, IaaS) and the ability to address the unique security considerations of secure Cloud computing (e.g., integrating cloud with on-premise services, Secure SDLC (SSDLC), Data Protection, OWASP top-10).
* Expertise in CI/CD practices, pipelines (Jenkins preferred), and build tools (Maven, Gradle, etc.).
* Experience with application security products and solutions for secure code review, penetration testing, and red team assessments.
* Proficiency in application security testing (SAST, DAST, SCA, IAST) and common code vulnerabilities in popular programming languages.
* Strong problem-solving skills and ability to navigate complex technology challenges.
* Agile development approach and ability to balance product strategy.
* Excellent interpersonal and communication skills, both written and verbal.
* Ability to effectively communicate the business value of emerging technologies.
About Our Client
Our client is a leader in their industry and is dedicated to protecting customer and enterprise data and assets in a constantly evolving cyber-threat landscape.
We are committed to building a supportive environment for you to explore the next steps in your career. If you require reasonable adjustments at any stage, please let us know and we will be happy to support you.