The Application Security Architect is an enabler for the wider team that engineers security solutions and provides security assurance within infrastructure projects and application developments. Key stakeholders include delivery services architects, project managers, heads of delivery, platform and central functions. It is an early imperative that the Application Security Architect achieves the status of trusted business partners, engaging with business units and central functions at the planning stage of Betfair change, seeking regular feedback from stakeholders and demonstrating positive contributions to business initiatives.
In this role, you will work closely with project teams throughout the organization ensuring security is thought about and delivered early in the project lifecycle. You will often be supporting multiple projects simultaneously and will have to ensure timely delivery of security inputs. You will also help design standards and controls necessary to ensure the security of information systems assets, including the prevention of intentional & inadvertent access, modification, disclosure, or destruction.
The role also involves interacting with development teams to ensure that production web and mobile applications are implemented with security in mind. Typical engagements involve conducting architectural / design reviews, code reviews, and penetration tests, tracking new requirements and recommending improvements. The Application Security team is responsible for the security of all Betfair applications developed internally or externally.
As a trusted business partner you will provide insightful and timely security advice that enables Betfair business initiatives to move at pace whilst ensuring risks are clearly articulated and appropriately managed.
Understand the architecture of production systems, their interactions and identifying the security controls in place and how they are used;
Support for all software security services (threat analyses, design review, assessments) and improvements to related services (risk advisory, incidents/investigations);
Develop plans for security technologies that integrate effectively with other aspects of the technical infrastructure;
Understand and provide advice on using Static Application Security Testing (SAST) tools to development teams in the deployment pipeline;
Contribute to automating certain security tasks within the Continuous Delivery (CD) pipeline;
Work as part of software development teams to provide security guidance and promote a security mindset
Use and promote software, systems and operational security design methodologies and standards
Research and evaluate emerging technologies to detect, mitigate, triage, and remediate software security defects across the enterprise.
Liaise with development managers, security champions and quality assurance teams in the planning of projects to ensure security input is given and that security reviews are included in a project schedule;
Equivalent practical experience or Bachelor’s degree in Computer Science, Computer Engineering, Electrical and Communications or related technical disciplines.
Work experience in a security capacity.
Experience analyzing and implementing security systems, e.g., access controls, penetration testing, web application security testing, vulnerability scanning, threat modeling, etc.
Coding experience in one or more general-purpose languages.
Programming experience in Java or Python.
Experience with cloud infrastructure and services.
Experience in security engineering, security architecture, or consulting.
Strong communication and documentation skills.
Flexible working is our way of working! We’re a diverse workforce and therefore a ‘one size fits all’ approach isn’t necessarily best. Whatever your personal needs may be, let’s have a chat and see how we can accommodate them.