Application Security Architect

Bristol, UK
Come join an award-winning tech business in the heart of Bristol where we’re making the lives of retailers simpler by automating the back office.

Location: Bristol, UK

About the Role

As part of our mission to automate retail at scale, we are looking for an experienced Application Security Architect to join our growing team in the UK. Our security team is based in the UK and has a global responsibility to govern and guide the rest of the organisation in applying best practices.

The Application Security Architect will direct, validate and govern our secure design and coding practices. Reporting to the Head of Information Security and partnering with our accomplished Engineering team, you’ll have the opportunity to transform our development and operational practices using DevSecOps techniques. If you have experience in applying these techniques in a collaborative manner and want to join an organisation committed to security that supports rather than inhibits, then this could be a great opportunity for you.

Your day-to-day:

  • Develop secure architectural patterns for the development team to draw down on and use to guide their development and implementation.
  • Evangelize secure design principles and best practices.
  • Develop and execute engaging training programmes for software engineers, product managers, and test engineers.
  • Develop a SecDevOps toolchain in collaboration with DevOps engineers and the Infrastructure Security Architect.
  • Develop security testing strategies in collaboration with Test Engineers.
  • Keep up to date with current industry security threats, challenges, and mitigation techniques.
  • Perform code reviews to ensure adherence to best practices and inform training needs.
  • Perform assessments on third-party software and development teams to support investment and supply chain controls.

About You:

Technical Skills-

  • Not everyone follows the same route to this type of role. We’re happy to hear from you whether you have a Bachelor’s Degree in Computer Science, Information Security, Systems Engineering or related field or equivalent experience.
  • Professional certification or working towards certifications in information technology and cloud security:
    • CISSP, CISM or similar.
    • AWS Certification (Security Speciality).
  • 4+ years in application security, including experience designing secure systems.
  • 7+ years experience in software development, testing or similar role.
  • Experience with security tooling automation, particularly in regards to integrating security into the CI/CD lifecycle including SAST/DAST tools.
  • Experience using industry best practice risk assessment, threat modelling, and management methodologies

Ways of Working –

  • Enjoys working with others, both teaching and learning, to deliver positive outcomes that help us to achieve our shared goals.
  • Able to articulate security concepts and methods based on standards, policies and best practices to both technical and non-technical teams.
  • Excellent organisational skills and attention to detail, with proven ability to prioritise based on business needs and security relevance, and deliver high quality on time.
  • Tenacity to keep projects progressing through to completion, and works collaboratively to seek the way forward when unexpected challenges arise.
  • Manage change in a positive way, and help others to understand the rationale and buy into the change.

Not essential but ideally you’ll have –

  • Experience working to compliance criteria (SOC 2, ISO 27001 etc.).
  • Experience with Java+Spring development.
  • Experience developing secure applications using AWS services.

Ensuring a diverse and inclusive workplace where we collaborate and learn from each other is core to Brightpearl’s values. We welcome people of different backgrounds, experiences, abilities and perspectives. We are an equal opportunity employer and a supportive place to work.