Senior Information Security Architect in London

hackajob is collaborating with BBC to connect them with exceptional tech professionals for this role.

Job Details

• Job Band: D
• Contract Type: Permanent
• Department: BBC Information Security
• Location: All UK (Remote based role)
• Proposed Salary Range: £75,000 - £85,000 depending on relevant skills, knowledge and experience.

The expected salary range reflects internal benchmarking and external market insights. We’re happy to discuss flexible working. If you’d like to indicate your preference in the application, there is no obligation to do so now. Flexible working will be part of the discussion at offer stage.

Purpose of the Role

The BBC Information Security Team works with BBC teams around the world to provide expert advice, review systems, and deal with threats. We ensure risks are identified, managed and mitigated. We are a multi‑disciplinary team who work together and with the rest of the business to ensure the BBC stays secure and our audience trust is protected.

You’ll be joining the Security Engineering & Architecture team in Information Security. The team’s focus is to ensure the BBC’s digital products and platforms are secure by leveraging our collective development and security experience. To ensure security requirements are considered and implemented, we work with product teams during the early stages of the SDLC and provide our expert technical advice to allow them to progress effectively. The team also designs, develops and deploys systems and processes to help teams understand the risks in their own systems.

Another key part of the team’s function is to foster relationships across the business and ensure that security issues are discussed and actioned rather than ignored. The team runs a large network of Security Champions across the BBC, focusing on awareness and education of technical security topics, which helps amplify Information Security’s effectiveness. The team also provides technical expertise to other areas of the wider Information Security Team and BBC.

Why Join the Team

The BBC reaches over half a billion people online every week. By joining this team you will help keep these systems secure. You’ll regularly collaborate with critical BBC product teams such as iPlayer, Sounds and News.

You’ll also get continual exposure to the latest security vulnerabilities, the new technologies teams are leveraging and the security considerations around these technologies. You’ll also become a key part in helping to evolve our digital security strategy and drive transformation within the BBC.

Responsibilities

• Architecture of Systems: Perform security risk assessments on BBC Digital Product environments at various stages of the Software Development Life Cycle (SDLC) and recommend security enhancements, remediation and mitigation strategies.
• Digital Policy & Guidance: Research and understand new security technologies, trends and threats related to BBC Digital Products and environments and use this research to provide technical and non‑technical guidance to both internal stakeholders and 3rd‑parties.
• Assist in running the BBC Security Champions network including facilitating sessions, engaging with champions, providing guidance around security queries and continuing to evolve the network.
• Support tactical initiatives to secure Digital Product environments for the BBC, including contributing to Information Security policies, procedures and standards.
• Develop and maintain relationships with Digital Product key suppliers, Digital Product staff, Security Champions and other stakeholders.
• Development: Peer with the rest of the InfoSec team to design, develop and deploy code for systems that assist the BBC InfoSec function and assist BBC teams to understand their current risk posture.
• Vulnerability Management: Support the processes around security issues identified in BBC Digital Product environments, including assisting with investigation, validation and revalidation.

Essential Criteria – Skills and Experience

• Familiarity with at least one coding language (e.g., Python, JavaScript) with demonstratable experience of taking an active role in designing and implementing digital software projects using these languages.
• Ability to convey complex technical knowledge and guidance, in written form and verbally, to multiple audiences including internal stakeholders and third parties.
• Demonstrable ability to break complex problems into tangible parts, self‑direct required learning and operate in a semi‑autonomous manner.
• Experience deploying systems and applications from code to a cloud environment (e.g., AWS).
• Demonstratable experience of a wide range of technical security knowledge and applying this to identify and remediate security issues in digital software products.

Desired but Not Required

• Experience of being involved in a community and taking an active lead in organising and facilitating.
• Experience with STRIDE Threat Modelling and mitigating issues from application security tooling would be ideal.

Next Steps

Your next step is to submit your application to this page. Your application will be reviewed at each stage and if suitable be progressed to the next stage. There are a total of 3 stages.

• Stage 1: Submit your online application.
• Stage 2: Complete a technical exercise remotely and submit your completed code to the hiring managers.
• Stage 3: Attending an interview.

Before your start date, you may need to disclose any unspent convictions or police charges, in line with our Contracts of Employment policy. This allows us to discuss any support you may need and assess any risks. Failure to disclose may result in the withdrawal of your offer.