Filter by category

Filter by type

Mobile Application Security Architect at Nutmeg

go back to Developer Jobs
  • London
  • fulltime

Who we are:

Nutmeg is the UK’s largest truly digital wealth manager, offering clarity and transparency to both seasoned and first-time investors as they seek to achieve their financial goals. Launched in September 2012, Nutmeg now manages over £4.5bn on behalf of over 200,000 clients who have sought the powerful combination of an easy-to-use, adaptable investment service and market-leading human advice. Nutmeg is a J.P. Morgan company offering investments and digital wealth management services to consumers, complementing Chase’s digital bank in the UK.

At a time when people are seeking the closer relationship with money that technology can provide, Nutmeg:

  • Has a team of over 240 employees
  • Offers award winning stocks and shares ISA, Junior ISAs and Lifetime ISAs, as well as a personal pensions and general investment accounts
  • Provides financial planning and advice alongside our award winning client services team

*We offer flexible working*

Job in a nutshell:

We run a pure AWS-based cloud environment and deliver features using a continuous delivery approach. Our platform comprises a mix of proprietary and open-source products fully running in Kubernetes.

Our engineering team is growing rapidly and we’re looking for experienced candidates for the position of application security architect for products security.

As an application security architect, you will perform application security reviews to identify application design flaws; Provide hands-on technical security guidance to protect our products from known and emerging threats, vulnerabilities, and intrusion attacks

What you’ll be doing, in collaboration with broader security and engineering teams:

  • Maintain an in-depth understanding of mobile app security standards (Android/ iOS) and backend services (microservices, APIs)
  • Define and evolve application security architecture and patterns based on enterprise reference architecture and threat landscape
  • Create security use, misuse, abuse cases, security test plans and acceptance criteria for product features
  • Integrate static and dynamic vulnerability checks for applications, open-source libraries, container registries, Kubernetes runtime workloads and APIs
  • Champion secure development practices and lead collaboration with engineers to identify application security risk mitigation techniques / priority fixes
  • Define/Maintain guidelines, standards, and baselines for application security and secure deployments
  • Research on future security technologies and develop secure migration roadmaps
  • Secure integration of digital application platforms with partner technology solutions

Requirements

  • Passion to learn and to contribute to ongoing maturity of security engineering function and development of the team
  • Make it easy for products, engineering and non-technical audience to embed appropriate level of security into ways of working
  • Mobile Apps Secure Design – Threat modelling and risk assessment tools / services (Code Hardening, App Hardening, Runtime Application Security Protection (RASP)), Security requirements engineering, Security architecture patterns (e.g. OAuth 2.0 / OIDC security standards), Security and Privacy by Design Principles
  • Security Verification – Architecture reviews, Requirements-driven testing, automation and embedding of security testing tools and frameworks into CI/CD tool chains
  • Strong understanding of mobile application attack methods, kill chain disruption techniques (MITRE Framework. - Mobile)
  • Security defect and vulnerability management (application and Mobile/ API pen testing exposure) - OWASP Top10/ SANS Top 25 Software Errors - Mobile security (Android & iOS)
  • Familiarity with DevSecOps frameworks – OpenSAMM v2/ DSOMM, NIST Cyber Security Framework (CSF), NIST 800-53, OWASP MASVS/MASTG (Webapps/Mobile Apps)
  • Exposure to architecting secure cloud services using AWS Well-architected framework
  • Solid understanding of the major global regulations, legislative and legal requirements (FCA, EU-GDPR)
You need to be logged in to apply. Login or create an account.
Is this job ad fake? Report it!   


other jobs at Nutmeg

Principal Engineer Nutmeg in SE11 5JH London Posted 147 days ago
Full-time job in Technology
Full-time job in Technology
Java Engineer / Java Developer Nutmeg in SE11 5JH London Posted 147 days ago
Full-time job in Technology
Full-time job in Technology
Senior Android Developer Nutmeg in London Posted 144 days ago
Full-time job in Technology
Full-time job in Technology
Principal Data Engineer Nutmeg in London Posted 144 days ago
Full-time job in Technology
Full-time job in Technology
DevOps Engineer Nutmeg in London Posted 144 days ago
Full-time job in Technology
Full-time job in Technology
Senior iOS Software Engineer Nutmeg in London Posted 144 days ago
Full-time job in Technology
Full-time job in Technology
Senior Java Engineer / Senior Java Developer Nutmeg in SE11 5JH London Posted 144 days ago
Full-time job in Technology
Full-time job in Technology
Senior DevOps Engineer Nutmeg in London Posted 144 days ago
Full-time job in Technology
Full-time job in Technology
Lead Data Engineer Nutmeg in London Posted 133 days ago
Full-time job in Technology
Full-time job in Technology
Front-End Engineer Nutmeg in London Posted 122 days ago
Full-time job in Technology
Full-time job in Technology
iOS Software Engineer Nutmeg in London Posted 122 days ago
Full-time job in Technology
Full-time job in Technology
Front-End Application Security Architect Nutmeg in London Posted 89 days ago
Full-time job in Technology
Full-time job in Technology
BackEnd Application Security Architect Nutmeg in London Posted 89 days ago
Full-time job in Technology
Full-time job in Technology
Mobile Application Security Architect Nutmeg in London Posted 89 days ago
Full-time job in Technology
Full-time job in Technology
Senior Backend Platform Engineer Nutmeg in London Posted 66 days ago
Full-time job in Technology
Full-time job in Technology
Front-End Principal Engineer Nutmeg in London Posted 14 days ago
Full-time job in Technology
Full-time job in Technology
Senior Front-End Engineer Nutmeg in London Posted 11 days ago
Full-time job in Technology
Full-time job in Technology