Application Security Architect

Landmark Information Group is a portfolio of leading property-related data and technology businesses at the forefront of innovation and thought leadership. It delivers award-winning solutions to estate agency, conveyancing, surveying, lender valuations, environmental consultancy, and Governments. Capabilities range from property search provision, expert opinion and interpretation to conveyancing case-management, floor-planning software, valuation modelling and a property listings portal. Clients are served through market leading applications and services that connect businesses, government departments and consumers together - reducing risk, creating transparency and saving both time and money for all parties.

As the UK’s largest custodian of land, property and environmental data in the UK, using a combination of AI, machine learning and domain experts to provide marketing leading and trusted interpretation. Our data, backed by technology innovation and entrepreneurialism, make Landmark uniquely placed to lead the next wave of digital transformation in the markets we are passionate about.

What it's like to work at Landmark:

We're a friendly, dynamic and supportive team. We encourage passion, ambition and collaboration, both in our performance as a team and individually. New ideas are encouraged. We actively promote involvement in the development and direction of our products and services, as well as finding more efficient ways to work. We also love a good work social and team building events. As well as this we offer:

• Competitive salary
• 25 days’ holiday, with optional 5 days unpaid leave per year
• Free parking
• Annual lifestyle allowance of £300 to put towards an activity of your choice
• Cycle to Work scheme and Gym Flex scheme
• Internal coaching/mentoring system throughout your time here
• Focus on training and career progression
• Happy to talk about flexible working
• Free fruit, biscuits, tea and coffee.

We are proud to be an equal opportunities employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.

As an Organisation we are very much ‘cloud first’ and Azure is our home. We are specifically seeking to hire an Application Security Architect to establish and permeate a Secure SDLC and ‘secure by design’ approach and practice throughout all our software engineering teams.

The successful candidate must have a good combination of technical, architecture and communication skills. They will work across a wide portfolio of applications, both legacy and new, covering a variety of development stack, software, services, API’s and systems. Embedded in our Software Engineering team, s/he will provide in depth and practical secure development expertise to engineering, InfoSec, Data, IT and other teams. They will lead in the creation of secure software design, build and delivery standards, policies and procedures and they will provide security advice to colleagues.

They will be monitoring, in conjunction with our Security Analysts, the security health of our Application estate, as well as our external attack surface (Cloud and OnPrem), as well as producing reports and continuously recommending improvements in our software security practices and controls, external and internal.

The role will involve:

Core Responsibilities

• Design secure software development and delivery systems with objectives like speed, scalability, robustness, zero-trust, automation and supportability at the core.
• Ensure that the application estate is built, deployed/delivered and operated securely, according to industry standards, as well as our own.
• Provide expert software security advice (design, coding, testing, etc) to the Software Engineering community, to InfoSec, DevOPS and other colleagues.
• Do research and regularly consult with colleagues
• Deliver secure software development training (e.g. OWASP Top10)
• Co-work with Security Analysts and other colleagues on software vulnerabilities and security issues: determine scope, severity and potential impact, recommend next steps, follow through with risk treatment and mitigation.
• Escalate issues, appropriately, to various teams and levels of authority inside the organisation.
• Act as the first Point of Contact (POC) for all application / software security issues, vulnerabilities, events, anomalies, incidents and investigations.

Additional Responsibilities

• Use primary and secondary data to produce analysis and reports, regular and ad-hoc.
• Present to senior and executive management on the status of our application estate and on the progress of our security plan.

You will have:

• Advanced understanding and demonstrable practical experience with the SDLC (Software Development Lifecycle), e.g. in a Developer, SDET, Senior Tester/QA analyst, Application Architect, Product/API designer or similar role. – minimum 5 years of experience required; coding experience in more than one language from: C/C++/C#, .NET, .NET Core, Java, JavaScript, Node.js, Angular, React, etc.
• Good experience working with (understanding, preventing and remedying) security issues in software architecture, software development, e.g. static and/or dynamic code analysis and tools, software dependency checking, OWASP Top10 testing, application threat modelling, SEI CERT C / J, etc.
• Good experience working in an Agile software development environment, with classic applications as well as microservices, using modern code processing and continuous integration and delivery tools (e.g. GitHub, Jenkins, Bamboo, etc)
• Good expertise in taking security policy statements and translating them into actual, implementable, security controls and techniques that can make our software applications demonstrably more secure and robust.
• Good understanding of common information security management standards, frameworks, and laws / regulations: e.g. BSIMM, ISO 27001, GDPR, etc.

Experience of open source security tools and how they could be used in an enterprise

We are proud to be an equal opportunities employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.