Lead Application Security Architect in London

We’ve signed up for an ambitious journey. Join us! As Arrive, we guide customers and communities towards brighter futures and more livable cities. Our people and our values help us make it happen. We Arrive Curious, Focused and Together.

Role Summary

The Application Security Architect is a senior, influential role responsible for orchestrating and leading Arrive’s global application security strategy. As a core member of the Global Security Architecture & Engineering team, you will act as the central driver for how we securely design, build, and deploy software across the company.

Your primary focus is to unite our efforts by creating, standardizing, and scaling our Secure Software Development Lifecycle (SSDLC) globally. This involves building upon the expertise and best practices that already exist within our teams and forging a powerful partnership with the Platform Security team in Engineering. You will lead by unifying—setting global standards that empower our developers and security engineers and ensuring the security of our next generation of products and platforms.

Your Mission

To elevate and unify our application security program at Arrive. Your mission is to be a force-multiplier for our engineering teams, fostering a secure development culture that is built on a foundation of clear global standards, strong partnerships, and modern security practices. You will ensure that security is a shared goal and a collective achievement.

Key Responsibilities

• Application Security Strategy & Standards: Champion and orchestrate the definition of Arrive’s global Secure Software Development Lifecycle (SSDLC), from threat modeling to secure release, in close partnership with key stakeholders across Engineering and IT. Develop and maintain a comprehensive set of global security standards, baselines, and guidelines for secure coding, vulnerability management, and secure architecture. Create and champion the strategy for our application security tooling, including SAST, DAST, IAST, and Software Composition Analysis (SCA). Define and manage the application security standards for Mergers & Acquisitions, establishing clear requirements and guiding the architectural integration of acquired technologies.
• Technical Partnership & Enablement: Act as a lead security consultant and strategic partner for product and engineering teams, providing expert guidance on secure design patterns and vulnerability remediation. Forge a dynamic partnership with the Platform Security team: co-design the security tooling roadmap, consume their platforms where they meet global standards, and introduce new architectural patterns where needed. Lead security architecture reviews and threat modeling sessions for new applications and high-risk features. Act as a senior mentor and advocate for security engineers and champions across the organization, helping to grow our security talent.
• Emerging Threats & Innovation: Stay at the forefront of emerging application security threats, with a particular focus on the risks associated with AI/ML systems. Collaborate with Data & AI teams to develop security principles and architectural patterns for securely integrating AI into our products. Drive innovation in our security practices, continuously seeking opportunities to automate and improve the effectiveness of our AppSec program. Lead the strategy for leveraging AI within the AppSec program, both to mature the SSDLC and to establish the secure-by-design principles required for our AI-first engineering landscape.

What You Bring

• Deep AppSec Expertise: Extensive, hands-on experience in application security, with mastery of the SSDLC, secure coding principles, and common vulnerability classes (OWASP Top 10, etc.).
• A Builder of Standards: Proven experience creating, documenting, and rolling out security standards, patterns, and best practices in a complex engineering environment.
• A Unifier and Partner: Exceptional ability to foster collaboration and influence engineering teams without direct authority. You build bridges, operate 'together', and break down silos.
• Strategic Thinker: Ability to see the big picture, define a long-term strategy for application security, and translate it into an actionable plan.
• Modern Technologist: Strong understanding of modern software development practices, including cloud-native architectures, CI/CD pipelines, containerization, and Infrastructure as Code.

Qualifications

• 10+ years of experience in technology, with at least 7 years in a dedicated application security or product security role.
• Demonstrated experience designing and implementing a Secure SDLC in a cloud-native environment (GCP, AWS).
• Hands-on experience with the architecture and strategy of AppSec tools (e.g., Snyk, Checkmarx, Veracode).
• Experience with securing microservices architectures, APIs, and modern web/mobile applications.
• Experience with securing AI/ML systems.
• A Bachelor’s degree in a relevant field or equivalent professional experience.

Why Join Arrive

Be the global leader and define the future of application security at a mission-driven, transformative company. Operate as a senior expert within a strategic architecture team, with a broad mandate to influence security across all of Arrive’s products. Work at the cutting edge of securing technology, including multi-cloud and AI-driven mobility solutions.