Application Security Architect contract

Job Description

The OpportunityAs an Organisation we are very much cloud first and Azure is our home. We are specifically seeking to hire an Application Security Architect to establish and permeate a Secure SDLC and secure by design approach and practice throughout all our software engineering teams.The successful candidate must have a good combination of technical, architecture and communication skills. They will work across a wide portfolio of applications, both legacy and new, covering a variety of development stack, software, services, APIs and systems. Embedded in our Software Engineering team, s/he will provide in depth and practical secure development expertise to engineering, InfoSec, Data, IT and other teams. They will lead in the creation of secure software design, build and delivery standards, policies and procedures and they will provide security advice to colleagues.They will be monitoring, in conjunction with our Security Analysts, the security health of our Application estate, as well as our external attack surface (Cloud and OnPrem), as well as producing reports and continuously recommending improvements in our software security practices and controls, external and internal.The role will involve:Core Responsibilities Design secure software development and delivery systems with objectives like speed, scalability, robustness, zero-trust, automation and supportability at the core. Ensure that the application estate is built, deployed/delivered and operated securely, according to industry standards, as well as our own. Provide expert software security advice (design, coding, testing, etc) to the Software Engineering community, to InfoSec, DevOPS and other colleagues. Do research and regularly consult with colleagues Deliver secure software development training (e.g. OWASP Top10) Co-work with Security Analysts and other colleagues on software vulnerabilities and security issues: determine scope, severity and potential impact, recommend next steps, follow through with risk treatment and mitigation. Escalate issues, appropriately, to various teams and levels of authority inside the organisation. Act as the first Point of Contact (POC) for all application / software security issues, vulnerabilities, events, anomalies, incidents and investigations.Additional Responsibilities Use primary and secondary data to produce analysis and reports, regular and ad-hoc. Present to senior and executive management on the status of our application estate and on the progress of our security plan.About YouYou will have: Advanced understanding and demonstrable practical experience with the SDLC (Software Development Lifecycle), e.g. in a Developer, SDET, Senior Tester/QA analyst, Application Architect, Product/API designer or similar role. - minimum 5 years of experience required; coding experience in more than one language from: C/C++/C#, .NET, .NET Core, Java, JavaScript, Node.js, Angular, React, etc. Good experience working with (understanding, preventing and remedying) security issues in software architecture, software development, e.g. static and/or dynamic code analysis and tools, software dependency checking, OWASP Top10 testing, application threat modelling, SEI CERT C / J, etc. Good experience working in an Agile software development environment, with classic applications as well as microservices, using modern code processing and continuous integration and delivery tools (e.g. GitHub, Jenkins, Bamboo, etc) Good expertise in taking security policy statements and translating them into actual, implementable, security controls and techniques that can make our software applications demonstrably more secure and robust. Good understanding of common information security management standards, frameworks, and laws / regulations: e.g. BSIMM, ISO 27001, GDPR, etc.Experience of open source security tools and how they could be used in an enterpriseWe are proud to be an equal opportunities employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.About UsLandmark Information Group is a portfolio of leading property-related data and technology businesses at the forefront of innovation and thought leadership. It delivers award-winning solutions to estate agency, conveyancing, surveying, lender valuations, environmental consultancy, and Governments. Capabilities range from property search provision, expert opinion and interpretation to conveyancing case-management, floor-planning software, valuation modelling and a property listings portal. Clients are served through market leading applications and services that connect businesses, government departments and consumers together - reducing risk, creating transparency and saving both time and money for all parties.As the UKs largest custodian of land, property and environmental data in the UK, using a combination of AI, machine learning and domain experts to provide marketing leading and trusted interpretation. Our data, backed by technology innovation and entrepreneurialism, make Landmark uniquely placed to lead the next wave of digital transformation in the markets we are passionate about.Whats it like to work for us We hire ambitious and passionate talent into our business and are proud of the steps we take to maximise potential in our employees, nurturing and supporting their professional and personal development. We all know money makes the world go around, but at Landmark we understand that financial rewards also mean more than cash. We believe that in order for our employees to flourish, its important to strike a healthy work/life balance. We provide modern, open-plan and light working environments. We also offer: Competitive Day rate Free fruit, biscuits, tea and coffee Challenging environment