Application Security Architect

Brightpearl | Bristol, United Kingdom
Flexible hours
1-2 days at home per week
Employment type: Full time

Brightpearl are looking for an Application Security Architect to join their team.

About Brightpearl

We’re an award-winning tech business, recently named the Top UK SaaS Company to work for. Our UK HQ is located in Bristol, cited as being one of the fast-growing technology hubs in the country.

Brightpearl is the number one digital operations platform (DOP) for brands and retailers. We manage everything ‘after the buy button’ so that our customers can focus on growing their business. “People First” is one of our core company values, so before we get too into your day to day, here’s a taster of what we bring to the table:

  • The opportunity to work with talented people.
  • A transparent leadership team.
  • Flexible working and generous holiday allowances.

And that’s not all. Check out our perks and benefits to see what else we offer!

About the Role

As part of our mission to automate retail at scale, we are looking for an experienced Application Security Architect to join our growing team in the UK. Our security team is based in the UK and has a global responsibility to govern and guide the rest of the organisation in applying best practices.

The Application Security Architect will direct, validate and govern our secure design and coding practices. Reporting to the Head of Information Security and partnering with our accomplished Engineering team, you’ll have the opportunity to transform our development and operational practices using DevSecOps techniques. If you have experience in applying these techniques in a collaborative manner and want to join an organisation committed to security that supports rather than inhibits, then this could be a great opportunity for you.


Your day-to-day:

  • Develop secure architectural patterns for the development team to draw down on and use to guide their development and implementation.
  • Evangelize secure design principles and best practices.
  • Develop and execute engaging training programmes for software engineers, product managers, and test engineers.
  • Develop a SecDevOps toolchain in collaboration with DevOps engineers and the Infrastructure Security Architect.
  • Develop security testing strategies in collaboration with Test Engineers.
  • Keep up to date with current industry security threats, challenges, and mitigation techniques.
  • Perform code reviews to ensure adherence to best practices and inform training needs.
  • Perform assessments on third-party software and development teams to support investment and supply chain controls.

About You:

Technical -

  • Not everyone follows the same route to this type of role. We’re happy to hear from you whether you have a Bachelor's Degree in Computer Science, Information Security, Systems Engineering or related field or equivalent experience.
  • Professional certification or working towards certifications in information technology and cloud security:
    • CISSP, CISM or similar.
    • AWS Certification (Security Speciality).
  • 4+ years in application security, including experience designing secure systems.
  • 7+ years' experience in software development, testing or similar role.
  • Experience with security tooling automation, particularly with regard to integrating security into the CI/CD lifecycle, including SAST/DAST tools.
  • Experience using industry best practice risk assessment, threat modelling, and management methodologies.

Ways of working -

  • Enjoys working with others, both teaching and learning, to deliver positive outcomes that help us to achieve our shared goals.
  • Able to articulate security concepts and methods based on standards, policies and best practices to both technical and non-technical teams.
  • Excellent organisational skills and attention to detail, with proven ability to prioritise based on business needs and security relevance, and deliver high quality on time.
  • Tenacity to keep projects progressing through to completion, working collaboratively to seek the way forward when unexpected challenges arise.
  • Manage change in a positive way, and help others to understand the rationale and buy into the change.

Not essential but ideally you’ll have -

  • Experience working to compliance criteria (SOC 2, ISO 27001 etc.).
  • Experience with Java+Spring development.
  • Experience developing secure applications using AWS services.


Brightpearl Perks

  • You’ll be joining one of the top UK SaaS Companies based in central Bristol - named top city to live in
  • We offer a competitive salary, stock options and a pension matching scheme
  • 25 days of annual leave, plus long service awards and volunteering days to give back to the community
  • We promote health and well-being through comprehensive medical, dental insurance packages with Vitality, Bupa and HealthShield and subsidised gym memberships
  • We support work-life balance through flexi-time and working from home opportunities
  • Opportunity to collaborate and share success through company wide socials and All Hands

Brightpearl is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veterans status, age, or any other characteristic protected by law.
