Senior Product Security Architect

Lloyds Banking Group
Bristol, United Kingdom
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
£ 109K

Job location

Bristol, United Kingdom

Tech stack

Artificial Intelligence
Computer Security
Continuous Integration
Systems Development Life Cycle
Software Vulnerability Management
Large Language Models
Software Security
Devsecops
Serverless Computing
Microservices

Job description

We're looking for a technically deep and forward-thinking Senior Product Security Architect to join our Enterprise Security Architecture team. This is a role that combines application security engineering, vulnerability management and developer engagement into a unified product security capability.

You will work alongside engineering, platform teams and product owners to ensure security is built in from the beginning, as well as own how we find, prioritise and drive the remediation of risk across the application estate and be security's primary voice inside engineering.

The Chief Security Office (CSO) is a vital part of delivering the Group's vision of putting customers at the heart of everything we do, helping Britain prosper and protecting the Group and customers from security threats.

We define and communicate the Group's security strategy and provide critical enterprise security services that both protect the organisation and enable its digital transformation agenda.

We are evolving rapidly by investing in our people, tools and practises to stay ahead of an increasingly complex threat landscape and a fast paced technology estate. The security architecture function sits at the core of this to provide thought leadership and cross-cutting influence that keep the Group's security posture aligned to its ambitions.

What you'll be doing:

  • Defining and being responsible for the target states for application security and vulnerability management and solving sophisticated architectural problems
  • Acting as a trusted security partner to engineering - proficient in their language and focused on unblocking rather than gatekeeping
  • Performing research and development in collaboration with other security teams to ensure the security architecture is staying ahead of challenges and the Group's technology transformation agenda
  • Describing and helping to lead the complexity of the Group's Enterprise Security Architecture and associated interlocks
  • Supporting strategic change within the Group, specifically security change where you'll take a leading architectural role in shaping and supervising initiatives
  • Staying ahead of emerging product security challenges - including AI-integrated application risk, software supply chain security and cloud-native attack surfaces
  • Representing the security architecture function with confidence in senior stakeholder forums
  • Producing your own artefacts and handling your own delivery dates; ensuring they integrate into the wider bank reference architecture and Group Security Architecture

Why join us?

From building a truly sustainable business to crafting a place where people love to work, we need colleagues who are up for the challenge and can match our pace. People who love to push boundaries, make change happen and challenge the status quo. Sound like you?

Requirements

  • Deep hands-on experience with application security capabilities and tooling and the ability to integrate them within modern CICD pipelines
  • Solid understanding of secure software development practises across the full SDLC, including agile and DevSecOps delivery models
  • Experience owning or significantly contributing to a vulnerability management programme at scale - including prioritisation methodology, metrics design and executive reporting
  • Proven ability to build trusted relationships with engineering and product teams - you are someone that engineering and developers want in the room, not someone they feel audited by
  • Experience with cloud-native application architectures - containers, microservices, serverless - and the security considerations specific to these environments
  • Familiarity with AI-integrated application risk - understanding the security implications of LLM integration, RAG architectures and AI-assisted development tooling
  • Strong written and verbal communication skills - able to translate technical risk into business language and vice versa

We know that great talent comes from many backgrounds. Whilst this job advert may reference specific years of experience, we recognise that skills are developed in many ways, so if you have relevant, transferable experience, we encourage you to apply.

Benefits & conditions

Our ambition is to be the leading UK business for diversity, equity and inclusion supporting our customers, colleagues and communities, and we're committed to creating an environment in which everyone can thrive, learn and develop.

We also offer a wide-ranging benefits package, which includes:

  • A generous pension contribution of up to 15%

  • An annual performance-related bonus

  • Share schemes including free shares

  • Benefits you can adapt to your lifestyle, such as discounted shopping

  • 30 days' holiday, with bank holidays on top

  • A range of wellbeing initiatives and generous parental leave policies

Apply for this position