Providing security design services for application development teams and project delivery teams
Advising key stakeholders on application security features during requirements, design and development stages, secure design and development best practice for application development teams and providing SME-level application security consultancy and best practice advise for enterprise application development and technology solution delivery teams
Enabling and improving the security of application solutions developed within the Group working with application development and project teams, Group CISO, IT security team and business stakeholders
Consulting with relevant stakeholders to understand the risk profile of proposed solutions in line with business requirements for storage and processing and ensuring appropriate security design considerations during evaluation, selection, installation, development, and configuration of solutions
Identify architectural and other security risks associated with applications and composite solution, recommend, and ensure implementation of appropriate risk mitigations and compensating controls where necessary
Skills and abilities needed to perform role
Strong overall solution analysis and design skills with strong business and commercial acumen and good understanding of SEI ATAM (Architecture Trade-off Analysis Method) and ability to apply trade-off analysis in practice (balancing risks, costs, quality, time)
Strong full-SDLC experience secure SDLC skills and practical experience of Software Assurance Maturity Model (SAMM) and OWASP best practice in software development and composite solution development teams
Strong overall technical, infrastructure, cloud and security architecture skills including good understanding and awareness of IT service management (e.g. ITIL) and IT governance (e.g. CoBIT) frameworks
Knowledge and Experience
Minimum of 3 years of experience in software development roles
10+ years of industry experience in security architecture roles
Minimum of 5 years of secure design experience, with focus on security design for cloud deployed applications (public, private, IaaS, PaaS and SaaS)
Minimum of 3 years of experience with security design for multi-cloud, micro-services architectures including experience of security design for global, multi-regulatory compliant applications
Application security architecture knowledge of Salesforce and/or 3rd party Salesforce application (on Force.com)
CISSP-ISSAP (Information Systems Security Architecture Professional) and/or
Either CREST Registered Technical Security Architecture (CRTSA) certification (or evidence of training or self-learning comparable to CRTSA or equivalent certification) or GIAC Defensible Security Architecture (GDSA) certification (or evidence of training or self-learning comparable to GDSA or equivalent certification)
Salesforce System Architect certification for Identity and Access Management and Sharing and Visibility designer certification) and/or Microsoft Certified Azure Security Engineer Associate certification (or evidence of training or self-learning comparable to CRTSA or equivalent certification)
