At a Glance
- Tasks: Lead and shape Arrive's global application security strategy and standards.
- Company: Join a transformative company at the forefront of application security.
- Benefits: Competitive salary, flexible work options, and opportunities for professional growth.
- Other info: Collaborative environment with a focus on cutting-edge technology and AI integration.
- Why this job: Be a key player in securing innovative technologies and shaping the future of security.
- Qualifications: 10+ years in tech, with 7+ years in application security roles.
The predicted salary is between 60000 - 80000 £ per year.
The Application Security Architect is a senior, influential role responsible for orchestrating and leading Arrive’s global application security strategy. As a core member of the Global Security Architecture & Engineering team, you will act as the central driver for how we securely design, build, and deploy software across the company.
Your Mission
To elevate and unify our application security program at Arrive. Your mission is to be a force‑multiplier for our engineering teams, fostering a secure development culture that is built on a foundation of clear global standards, strong partnerships, and modern security practices. You will ensure that security is a shared goal and a collective achievement.
Key Responsibilities
- Application Security Strategy & Standards: Champion and orchestrate the definition of Arrive’s global Secure Software Development Lifecycle (SSDLC), from threat modeling to secure release, in close partnership with key stakeholders across Engineering and IT. Develop and maintain a comprehensive set of global security standards, baselines, and guidelines for secure coding, vulnerability management, and secure architecture. Create and champion the strategy for our application security tooling, including SAST, DAST, IAST, and Software Composition Analysis (SCA). Define and manage the application security standards for Mergers & Acquisitions, establishing clear requirements and guiding the architectural integration of acquired technologies.
- Technical Partnership & Enablement: Act as a lead security consultant and strategic partner for product and engineering teams, providing expert guidance on secure design patterns and vulnerability remediation. Forge a dynamic partnership with the Platform Security team: co-design the security tooling roadmap, consume their platforms where they meet global standards, and introduce new architectural patterns where needed. Lead security architecture reviews and threat modeling sessions for new applications and high‑risk features. Act as a senior mentor and advocate for security engineers and champions across the organization, helping to grow our security talent.
- Emerging Threats & Innovation: Stay at the forefront of emerging application security threats, with a particular focus on the risks associated with AI/ML systems. Collaborate with Data & AI teams to develop security principles and architectural patterns for securely integrating AI into our products. Drive innovation in our security practices, continuously seeking opportunities to automate and improve the effectiveness of our AppSec program. Lead the strategy for leveraging AI within the AppSec program, both to mature the SSDLC and to establish the secure‑by‑design principles required for our AI‑first engineering landscape.
What You Bring
- Deep AppSec Expertise: Extensive, hands‑on experience in application security, with mastery of the SSDLC, secure coding principles, and common vulnerability classes (OWASP Top 10, etc.).
- A Builder of Standards: Proven experience creating, documenting, and rolling out security standards, patterns, and best practices in a complex engineering environment.
- A Unifier and Partner: Exceptional ability to foster collaboration and influence engineering teams without direct authority. You build bridges, operate together, and break down silos.
- Strategic Thinker: Ability to see the big picture, define a long‑term strategy for application security, and translate it into an actionable plan.
- Modern Technologist: Strong understanding of modern software development practices, including cloud‑native architectures, CI/CD pipelines, containerization, and Infrastructure as Code.
Qualifications
- 10+ years of experience in technology, with at least 7 years in a dedicated application security or product security role.
- Demonstrated experience designing and implementing a Secure SDLC in a cloud‑native environment (GCP, AWS).
- Hands‑on experience with the architecture and strategy of AppSec tools (e.g., Snyk, Checkmarx, Veracode).
- Experience with securing microservices architectures, APIs, and modern web/mobile applications.
- Experience with securing AI/ML systems.
- A Bachelor’s degree in a relevant field or equivalent professional experience.
Why Join Arrive
Be the global leader and define the future of application security at a mission‑driven, transformative company. Operate as a senior expert within a strategic architecture team, with a broad mandate to influence security across all of Arrive’s products. Work at the cutting edge of securing technology, including multi‑cloud and AI‑driven mobility solutions.
Lead Application Security Architect employer: EasyPark
At Arrive, we pride ourselves on being an exceptional employer that champions innovation and collaboration in the field of application security. Our dynamic work culture fosters a sense of community and shared purpose, empowering employees to grow through mentorship and strategic partnerships while working at the forefront of technology. With a commitment to professional development and a focus on cutting-edge solutions, Arrive offers a unique opportunity for those looking to make a meaningful impact in a transformative environment.
StudySmarter Expert Advice🤫
We think this is how you could land Lead Application Security Architect
✨Get Involved in the Cybersecurity Community
Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!
✨Show Off Your Skills with Capture the Flag Competitions
Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including EasyPark, love seeing candidates who actively engage in these challenges.
✨Tailor Your Online Presence
Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!
✨Apply Directly Through EasyPark
Don’t forget to head straight to our website and check out any openings for cybersecurity roles at EasyPark. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.
We think you need these skills to ace Lead Application Security Architect
Some tips for your application 🫡
Show off your technical skills:In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!
Tailor your portfolio for the role:Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!
Use real-world examples:When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at EasyPark insight into your practical problem-solving abilities and makes your application memorable.
Demonstrate your passion for cybersecurity:Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to EasyPark that you’re committed to staying ahead in the game.
How to prepare for a job interview at EasyPark
✨Sharpen Your Technical Skills
For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set us apart in interviews.
✨Prepare for Scenario-Based Questions
Expect the interviewers at EasyPark to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.
✨Highlight Your Certifications
Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at EasyPark.
✨Show Your Passion for Cybersecurity
Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.
