Lead Enterprise Application Security Architect

Glocomms are partnered with a globally leading Wealth Management firm to assist in growing multiple areas of Cyber Security. We are searching for a Lead Enterprise Application Security Architect to drive security initiatives, focused on threat modelling, secure code review, and secure design review.

Key responsibilities:

• Lead secure design reviews and threat modeling sessions for new projects, features, and architectural changes, ensuring compliance with industry standards, regulatory requirements, and internal security policies.
• Evaluate adherence to architectural standards, minimize technical debt, and adapt enterprise assets (systems, services, and data) for major programs.
• Partner with development teams to provide support and guidance in addressing security vulnerabilities identified during design, code reviews, and testing phases.
• Create and maintain secure reference architectures to guide the design and implementation of secure systems and applications, customized to the organization's specific technologies and needs.
• Collaborate with cross-functional teams, including development, infrastructure, and compliance, to integrate security practices into the software development lifecycle and infrastructure provisioning.
• Offer expert advice on security issues, including encryption, authentication, access control, and secure communication protocols.
• Keep up-to-date with industry trends, emerging threats, and best practices in security architecture and design, and evaluate their relevance to the organization's security strategy.

Experience required:

• Bachelor's degree in Computer Science, Management Information Systems, or a related field, with at least 5+ years of relevant experience, or a combination of education, training, and experience as approved by Human Resources.
• Preferred: 7+ years of experience in security engineering, architecture, or a similar role, with a strong focus on threat modeling, secure design reviews, and vulnerability management.
• Solid understanding of web application security principles, secure coding practices, and common vulnerabilities (e.g., OWASP Top 10).
• Skilled in designing and implementing secure architectures for both on-premises and cloud environments (e.g., AWS, Azure).
• Demonstrated passion for protecting organizations from evolving threats.
• In-depth knowledge of authentication and authorization methods, including multi-factor authentication, step-up authentication, and single sign-on; familiarity with password-less solutions is a plus.
• Strong grasp of encryption methods, particularly certificate and token-based cryptography.
• Knowledgeable in network protocols and topologies.
• Experience with defense-in-depth strategies and incident response.
• Excellent communication skills, capable of engaging with a wide range of technical and business stakeholders.
• Experience in financial services is preferred but not required; the ability to quickly acquire relevant business knowledge is essential.