Security Architect
2 months ago
The role will focus on helping teams adopt refreshed approaches to security requirement identification, threat modelling, coding standards, and security testing, with a focus on applying these concepts to traditional and modern infrastructure in green-field and existing deployments. This will involve taking insight from these activities to advise and construct the 'middleware' that makes the right security choices easier to make and implement for responsible teams.
As our GRC world evolves, this role will play a pivotal role in maintaining alignment between SDL and policies, standards and guidelines, using a common security framework to apply consistency.
This position will also contribute to our general capacity for security consulting and reviews, including assisting GRC teams where required.
Responsibilities- Maintain and develop standards and guidance that builds SDL maturity in the IT team
- Help traditional infrastructure teams develop strategies for meeting the spirit of SDL requirements, pushing towards use of automation, infrastructure-as-code, & DevOps methods rather than manual or golden image techniques
- Develop implementation-specific architecture templates that meet security requirements expressed in policy and standards
- Assist with security reviews of and technical recommendations into high-level and low-level designs where required
- Assist with GRC consultation queries where required
- Invest in others, including application development and infrastructure teams, to support business applications and processes in new ways
- Afford mentorship regarding solutions and concepts
- Further a culture of innovation within the architecture and broader IT team
- Ability to align security frameworks with organisation security policies, and to craft corresponding security controls (whether implemented by technology or process)
- Proven experience implementing SDL in non-software contexts, including infrastructure
- Experience with Infrastructure-as-Code (IaC) and automation through DevOps, and tools such as Jenkins, Terraform, and Ansible
- Prior experience working with recognised security frameworks from ISO, NIST, etc, and with neutral / harmonisation frameworks like UCF (Unified Compliance Framework)
- Solid technical understanding of both on-premise infrastructure (network, platform, network-based storage, OS, virtualisation), cloud infrastructure (AWS, GCP, Azure, and others), and technologies found in both (e.g. docker, Kubernetes)
- Bachelor's degree in computer science, information technology, or a related field; or equivalent experience/professional/industry certifications
- Understanding of identity & access management for both people & systems
- Understanding of software engineering
- Exposure to large enterprise platforms such as SAP and Salesforce
- Knowledge of Arm based compute & software
- Relevant industry / vendor certifications
- A passion for optimisation and automation, and a desire to motivate change
- Strong motivation and drive, with the ability to operate across multiple projects simultaneously, including those that span geographies
We offer exciting and interesting work in global and diverse team. Arm's growth trajectory will ensure career progression and the opportunity to have a significant impact on our success.