Description:
Insight Investment is looking for an Application Security Architect to join our Cyber Security team in Manchester. This role focuses on embedding security into the software development lifecycle and driving DevSecOps practices across engineering teams. The ideal candidate will have a strong technical background in application security, secure coding, and automation within CI/CD pipelines.
Role Responsibilities
- Collaborate with development, DevOps, and architecture teams to integrate security into the SDLC
- Design and implement secure coding practices and threat modelling processes
- Lead the integration of security tools into CI/CD pipelines (e.g., SAST, DAST, SCA, IAST)
- Conduct security assessments of applications, APIs, and microservices
- Develop and maintain security standards, guidelines, and automation scripts
- Provide guidance on secure design patterns and architecture decisions
- Promote a DevSecOps culture and continuous security improvement across development and architecture team
Experience Required
- Strong understanding of application security principles (e.g., OWASP Top 10, CWE)
- Experience with secure coding in languages such as Java, Python, JavaScript, or .NET. (.NET and Python are preferable)
- Hands-on experience with one of each or more security tools:
- Static Analysis (SAST): Veracode (preferable), Checkmarx, Fortify, etc
- Dynamic Analysis (DAST): Veracode (preferable), Burp Suite, OWASP ZAP, etc
- Software Composition Analysis (SCA): Veracode (preferable), Snyk, Black Duck, etc
- Container Security: Aqua Security (preferable), Prisma Cloud, etc
- Familiarity with CI/CD tools (e.g., Github Actions, Teamcity, Octopus, Azure DevOps)
- Knowledge of containerised environments and their security best practices (Docker, Kubernetes)
- Knowledge of cloud security (Azure) and infrastructure-as-code (Terraform, CloudFormation)
- (Preferable) Experience with threat modeling tools (e.g., Threat Dragon, IriusRisk)