Security Architect

Date Posted: Jun 12, 2026

Job #1688320
Contract
450 - 550 per day (EUR)

We have partnered with our client in their search for a Security Architect.

This role supports a large-scale programme focused on strengthening application security across non-COTS environments. You'll sit within a key workstream, partnering closely with the Workstream Lead to define and embed secure SDLC practices, establish guardrails for custom-built applications, and enhance the overall application security posture.

Responsibilities

  • Establish the Secure SDLC baseline for Non-COTS applications. Define the security guardrails for custom-built applications, including secure design reviews, threat modeling, secure coding requirements, code review expectations, release gates and security acceptance criteria.

  • Set up application security testing coverage and governance. Define how SAST, DAST, SCA/library scanning, secrets scanning and dependency checks should be applied across Non-COTS applications, including tooling coverage, frequency, ownership and remediation workflow.

  • Support reassessment of existing design and delivery models. Review current application architecture, delivery processes, authentication patterns, API exposure, data flows, third-party dependencies and legacy design risks to identify where hardening is required.

  • Create practical security checklists and delivery guidance. Develop role-based checklists for product owners, developers, architects and application owners so teams understand what needs to be done before design approval, development, testing and go-live.

  • Establish library and dependency hardening approach. Define how open-source and third-party libraries are inventoried, scanned, risk-rated, updated and exception-managed, including treatment of vulnerable or unsupported components.

  • Set up security champion and developer support model. Help establish a security champion model for Non-COTS teams, including recurring support sessions, escalation paths, secure development guidance and a "one-stop shop" for AppSec questions.

  • Create transparency on coverage, findings and remediation progress. Define reporting for SSDLC adoption, SAST/DAST/SCA coverage, open vulnerabilities, overdue remediation, accepted risks and exceptions, feeding results into the central risk-based security management process.

  • Connect Non-COTS findings to risk treatment and program governance. Ensure security findings from design reviews, testing, policy checks and assessments are documented with owner, due date, treatment decision and escalation route where required.

Skills Required

      • Cybersecurity expertise across application security and SDLC
      • Secure SDLC and security guardrails for non-COTS / custom applications
      • SAST, DAST, SCA, secrets scanning and dependency management
      • Application architecture and delivery model review (APIs, data flows, auth, third parties)
      • Security checklists, developer guidance and delivery controls
      • Library and dependency hardening
      • Security champion / developer support models
      • Reporting, remediation tracking and risk governance

Title: Security Architect

Location: Remote - Europe

Client Industry: Telecoms

About Korn Ferry

Korn Ferry unleashes potential in people, teams, and organizations. We work with our clients to design optimal organization structures, roles, and responsibilities. We help them hire the right people and advise them on how to reward and motivate their workforce while developing professionals as they navigate and advance their careers. To learn more, please visit Korn Ferry at www.Kornferry.com