Application Security Architect

Client of Salt

You will take ownership of application security architecture across web, API, and microservices environments ensuring security is embedded from design through to deployment.

Working closely with engineering, DevOps, and security teams, you will define standards, lead threat modelling, and guide remediation strategies across complex, distributed systems.

Key Responsibilities:

• Define and drive application security architecture and strategy across the organisation
• Lead threat modelling and secure design reviews for new and existing systems
• Establish and enforce secure coding standards aligned to OWASP & industry frameworks
• Oversee SAST, DAST, SCA, and API security testing practices
• Provide architectural guidance across microservices, APIs, and containerised environments
• Act as a senior escalation point for critical vulnerabilities and remediation strategy
• Collaborate with DevOps teams to embed security into CI/CD pipelines (DevSecOps)
• Drive security governance, reporting, and compliance alignment (ISO 27001, NIST SSDF)

Experience Required:

• Proven experience in Application Security Architecture within enterprise environments
• Strong background in secure code review, vulnerability management, and threat modelling
• Deep understanding of OWASP Top 10, ASVS, and modern attack vectors
• Hands-on exposure to tools such as Fortify, Checkmarx, Burp Suite, Snyk, Trivy, etc.
• Experience securing APIs, microservices, and containerised platforms (Docker/Kubernetes)
• Strong knowledge of authentication and identity protocols (OAuth, JWT, SAML)
• Ability to engage senior stakeholders and influence engineering practices

What Makes This Role Interesting:

• High-visibility role within a large-scale, strategic programme
• Opportunity to shape security architecture from the ground up
• Exposure to modern cloud-native and microservices environments
• Working alongside leading engineering and cybersecurity teams