Security Architect
Job description
The Application Security Architect supports the wider Enterprise Security and Information Technology (ESIT) function, working across both product teams and central security initiatives. This role is a key enabler of secure, compliant, and resilient products. It requires a strong understanding of attack paths, adversary tactics, and emerging threats across a diverse technology stack.
You will act as a trusted advisor throughout the product development lifecycle, ensuring security strategy, design, and controls align with business goals and product roadmaps. You will provide visibility to leadership on product security posture, risks, and mitigation plans to protect organisational systems, data, and assets.
- Collaborate with engineering and solution architecture teams to define and validate security requirements.
- Investigate and resolve complex or high-priority security incidents.
- Communicate risks, mitigation options, and security impacts to senior leadership.
- Manage a portfolio of applications and projects, ensuring appropriate security controls are implemented from inception to completion.
- Maintain a strong understanding of business operations, key systems, and priorities.
- Ensure information security policies, procedures, and technical standards remain current and adhered to.
- Conduct vulnerability testing, risk assessments, and security architecture reviews.
- Stay informed on emerging threats, industry trends, and regulatory changes that may affect product security.
- Translate business needs into security requirements and ensure solutions meet both business and security objectives.
- Support secure development practices throughout the product lifecycle, including DevOps and CI/CD pipelines.
Requirements
- Strong technical security expertise across application, infrastructure, and cloud environments.
- Ability to interpret and apply security policies, standards, and regulatory frameworks.
- Experience working in large, highly regulated organisations and agile delivery environments.
- Knowledge of secure development practices, OWASP, MITRE, and cloud security standards.
- Ability to communicate complex security risks to both technical and non-technical stakeholders.
- Strong analytical skills with the ability to assess threats, vulnerabilities, and business impact.
- Experience with DevOps, SRE, architecture principles, and secure pipeline implementation.
- Familiarity with GDPR, HIPAA, PCI, or similar compliance frameworks (preferred).
- Technical certifications such as CISSP, CCSP, CEH, Azure or AWS (preferred).
- Development or scripting experience (e.g. .NET, Java, Python, PowerShell, Bash).
- Understanding of cryptography concepts and secure API/UI/microservices patterns.
- Knowledge of security technologies such as SIEM, SOAR, IDS, WAF, email gateways, and vulnerability management tools.
- Strong organisational skills with the ability to manage multiple projects and meet deadlines.