Lead Enterprise Application Security Architect Glocomms are partnered with a globally leading Wealth Management firm to assist in growing multiple areas of Cyber Security. We are searching for a Lead Enterprise Application Security Architect to drive security initiatives, focused on threat modeling, secure code review, and secure design review.
Key responsibilities:- Lead secure design reviews and threat modeling sessions for new projects, features, and architectural changes, ensuring compliance with industry standards, regulatory requirements, and internal security policies.
- Evaluate adherence to architectural standards, minimize technical debt, and adapt enterprise assets (systems, services, and data) for major programs.
- Partner with development teams to provide support and guidance in addressing security vulnerabilities identified during design, code reviews, and testing phases.
- Create and maintain secure reference architectures to guide the design and implementation of secure systems and applications, customized to the organization's specific technologies and needs.
- Collaborate with cross-functional teams, including development, infrastructure, and compliance, to integrate security practices into the software development lifecycle and infrastructure provisioning.
- Offer expert advice on security issues, including encryption, authentication, access control, and secure communication protocols.
- Keep up-to-date with industry trends, emerging threats, and best practices in security architecture and design, and evaluate their relevance to the organization's security strategy.
Experience required:- Bachelor's degree in Computer Science, Management Information Systems, or a related field, with at least 5+ years of relevant experience, or a combination of education, training, and experience as approved by Human Resources.
- Preferred: 7+ years of experience in security engineering, architecture, or a similar role, with a strong focus on threat modeling, secure design reviews, and vulnerability management.
- Solid understanding of web application security principles, secure coding practices, and common vulnerabilities (e.g., OWASP Top 10).
- Skilled in designing and implementing secure architectures for both on-premises and cloud environments (e.g., AWS, Azure).
- Demonstrated passion for protecting organizations from evolving threats.
- In-depth knowledge of authentication and authorization methods, including multi-factor authentication, step-up authentication, and single sign-on; familiarity with password-less solutions is a plus.
- Strong grasp of encryption methods, particularly certificate and token-based cryptography.
- Knowledgeable in network protocols.
- Experience with defense-in-depth strategies and incident response.
- Excellent communication skills, capable of engaging with a wide range of technical and business stakeholders.
- Experience in financial services is preferred but not required; the ability to quickly acquire relevant business knowledge is essential.