Security Architect

We are currently looking for a Security Architect/Design Engineer with specific experience in Application Security. This is to join an existing team with one of our financial services clients.

Applicants will need to attend a client office 3 days per week; location can be a choice of Edinburgh/Sheffield/Birmingham/Manchester.

The role will involve managing end-to-end solution design and delivering design documents in line with functional and non-functional business requirements, strategies, principles, standards, and patterns. Alongside the creation of high-level designs, you will be required to publish new architecture patterns, key decisions, design deviations, and technical risks and issues where appropriate.

Significant experience and proven technical depth within application security -

• Hands-on experience securing modern application architectures (microservices, cloud-native, containerized environments).
• Knowledge of SCA tools and methodologies (e.g., dependency analysis, open-source license compliance, vulnerability triage, supply-chain risk management).
• Deep experience implementing and optimising AST capabilities, including SAST, DAST, IAST, MAST and container/K8s security scanning.
• Demonstrated success designing and integrating security testing pipelines within CI/CD environments (GitHub Actions, GitLab, Jenkins, Azure DevOps, etc.).
• Strong background in threat modelling, secure SDLC design, and establishing risk-based security policies for code, dependencies, and build systems.
• Ability to evaluate, select, and architect AppSec technologies, including enterprise SCA/AST platforms, SBOM solutions, and vulnerability management workflows.
• Experience collaborating with engineering teams to prioritize and remediate vulnerabilities, provide secure coding guidance, and enable developer-centric security practices.
• Familiarity with industry frameworks and standards (OWASP SAMM, ASVS, CSA, NIST SSDF, supply-chain security frameworks such as SLSA).
• Experience across vulnerability and exposure management including detection, analysis, management and resolution activities.

Experience within network security -

• Segmentation and Micro-Segmentation and it’s effects on vulnerability scanning.
• Defining and enforcing policies for secure network operations and appropriate access for vulnerability scanning.
• Establishing appropriate logging for the monitoring and analysis of network traffic to detect and respond to threats.

Broad background across information technology with the ability to communicate clearly with non-security technical SMEs at a comfortable level

Experience and understanding of both the roles and interlock between enterprise & solution architecture

Experience in both operational and transformation cybersecurity roles or a clear working understanding of both perspectives

Experience working in large-scale IT transformation programmes

Ability to manage separation of control from technical design authority responsibilities - represent Cyber Services at technical and security design authorities to ensure that solutions are secure.

Experience ensuring compliance with security controls to identify control gaps, develop remediation plans and determine residual risk across both local and national programmes.

Platform & Technology

• Experience with Checkmarx, Invicti, Snyk, BlackDuck, Tenable, or other related Application Security
• BizzDesign, Archi, or generic UML visualisation experience for high-level designs
• High proficiency and expertise in Jira for project & tasks management
• Working proficiency in Confluence for documentation

Architecture & Design

• Provide assurance, support and oversight of solutions designs and support the engineering teams in delivering and executing strategic technology deployments.
• Ensure solution designs align to published reference architecture.
• Provide technical expertise & consultation to transformative programmes of work within their security domain.
• Clear understanding of both the motivations of the business and technical security.
• Promote strong documentation and clerkship.

Governance

• Willingness and ability to present reference architecture to design authorities and articulate deep technical concepts to a broad range of stakeholders in both large forums and smaller deep-dive sessions.
• Ensures all reference architecture, high-level designs, architecture patterns, decision records, deviation requests, and technical risks or issue records undergo architectural and project governance processes.
• Ensure all architecture artefacts undergo appropriate peer review prior to design authority presentation.
• Present publications at technical design authorities for input, feedback, and approval.

Risk and Dependency Management

• Effectively manages and escalates both technical and project risks or issues.
• Articulates solutions and remediation steps to technical risks & issues.
• Ability to map design decisions to resultant technical risks & issues to articulate the cause and rationale which leads to any negatively impacting change.

Security Design Engineers will work with stakeholders including the relevant enterprise architect to ensure design decisions in delivery align to strategic direction.

Security Design Engineers should be comfortable presenting and sharing solutions at design authorities and senior leadership & stakeholders.

Provide technical thought leadership and direction to their aligned projects and may stand in as subject matter experts and consultants related programmes.

Contract will be inside IR35. Role will be hybrid, 3 days per week in the client office, any of Edinburgh/Sheffield/Birmingham/Manchester.