DATE ADDED: Fri 16/03/2018

Application Security Architect

Bromley, UK


JOB TYPE: Permanent


At Direct Line Group, we're shaping the future. With a mission to make insurance easier and better value for our customers, we embrace change in all its richness and variety. It's not just what we do; it's how we do it. We bring our whole selves to work every day and embrace fresh thinking - after all, Britain is constantly changing and to protect the nation, we adapt with it.

Across our diverse brands - including Direct Line, Churchill, Privilege and Green Flag - change takes many forms. We appreciate the knowledge and skills that each one of us brings to the business. It's hard not to be inspired by the things that make us unique. Boldness, curiosity and enthusiasm go a long way. And they're helping us transform the industry we lead.

The Application Security Architect is a direct report of the Head of Security Architecture, sitting within our Chief Information Security Office. This role is responsible for the security architecture of DLG's applications. It acts as a key technical authority on applications and solution design activity, ensuring standardisation and consistency in the definition and application of security principles and ensuring that security is built in by design.

What Being an Application Security Architect Involves:

The role is responsible for supporting the Head of Security Architecture with the following functional objectives:

  • Adopting innovative security architectural approaches and reviewing security architectural designs.
  • Creating, reviewing and enforcing security design patterns to support architecture.
  • Strategically collaborating with DLG enterprise architecture to anticipate and plan for future DLG business requirements.
  • Working collaboratively with Security Consulting and Security Enablement to support business change projects.
  • Responsible for the Application Security Architecture within DLG.
  • Responsible for defining the mid to long term application security strategy to protect the organisation from misuse and attack.
  • Responsible for working with applications vendors (including web application firewall vendors) to ensure DLG and vendor security roadmaps are aligned.
  • Responsible for ensuring that all application security designs, blueprints and artefacts are maintained and adhere to good practice.
  • Responsible for identifying, recommending and approving application changes to achieve compliance with security policies and the enterprise security architecture blueprints and roadmaps.
  • Responsible for understanding and assessing applications from both a technical and business function perspective.
  • Responsible for developing and maintaining relationships with various stakeholders, including Technology Services and IT Risk.

Skills and Qualities You'll Need:

  • Detailed in-depth application architecture skills and knowledge including presentation, application, messaging, data and network layers.
  • Knowledge of architecture and security architecture good practice frameworks such as TOGAF and SABSA.
  • In-depth knowledge of the OWASP top 10 vulnerabilities (exploitability, prevalence, detectability as well as understanding of business and technical impacts, attack vectors and relevant threat actors).
  • Experience working with application firewalls.
  • Ability to communicate and present concisely and effectively, appropriate to the level of management interaction.
  • Knowledge of enterprise grade technologies including operating systems, databases and web applications.


  • Undergraduate degree (preferably 2:1 or higher) in a relevant field (e.g. Computer Engineering, Computer Science, Information Security) or in a STEM major (Science, Technology, Engineering, or Math) is strongly preferred and a Master's degree in relevant field is desired.
  • Security accreditations such as CISM, CISSP, M.Inst.ISP, CGEIT, CISA by a recognised professional body are required.
  • CREST CRT, CCT or other relevant and recognised qualification or certification is desirable.
  • Architecture certifications such as TOGAF, SABSA, Zachman are required.

Role: Application Security Architect
Job Type: Permanent
Location: Bromley, Kent, South East
