Application Security Architect – London – 90k

Full Time City and County of the City of London IT Job Pro UK

Application Security Architect(Hand-On) is required by a Global Provider of Marketing Solutions to be based in their London Office paying to £90,000.

The Application Security Architect will be responsible for reviewing applications to secure the critical IT assets in line with industry security practices and in compliance with standards, policies, procedures and security architecture. You will lead and be required to assess the security of applications including those built by in house developers – throughout their lifecycle, from requirement gathering, design, build, procurement and update, to ensure compliance, while enabling the business to meet the requirements of the information security technology architecture, strategy and baseline. You will need a strong technical background and a deep understanding of application security

The ideal candidate will be an ex Software Engineer, or Developer who has been heavily involved with application security and idely will have worked within the media or marketing sector previously.

Essential Knowledge Required

– Experience dealing with Security Architecture in particular Application Security

– Knowledge of compliance frameworks & security management standards (ISO 27001, COBIT, NIST CSF, PCI-DSS)

– Proven ability to interface across a global organization with other teams, such as EIS Engineering and Security, Corporate Applications, Enterprise Applications, Internal Audit, agency CIOs, and agency security teams and compliance coordinators

– Strong experience of using web dynamic application security testing (DAST) tools such as Burp Suite, OWASP ZAP and Checkmarx, and of providing recommendations to mitigate vulnerabilities

– Experience of web server, web application and API security and remediation. In-depth knowledge of OWASP Top-10 security risks and how to address them

– Experience of reviewing and contributing to corporate security architecture frameworks

– Working knowledge of best practices/standards (PCI DSS, HIPAA, State data breach laws) for implementing application-level data encryption

– Knowledge of Amazon Web Services & Microsoft Azure cloud platforms

– Knowledge of core security networking concepts like TLS, SSH, DNS, firewalls

-Experience of data security solutions such as encryption, hashing, digital signatures, data tokenization and masking

– Experience of penetration testing methods, of interpretation of penetration test reports, and of recommendations to address findings

Apply Now

To apply for this job please visit itjobpro.co.uk.