Application Security Architect

We are working for an energy global company which is fully committed to bringing their client’s innovative projects to life, breaking boundaries to accelerate the energy transition for a better tomorrow.

Operating globally and composed of +15K people, they are seeking for a Application Security Architect in Barcelona, who will work for global projects.

She/he will report directly to the Global Senior Architecture Manager and is accountable to setup the global Cibersecurity principles defined by Ciber Security Department.

Responsibilities:

• Be responsible for defining and implementing security architectures for applications
• Work closely with the development team to assist for secure design, S-SDLC methodology and DevSecOps methods
• Participate in technology evaluation, planning and automated deployment to support their strategic move to SaaS, PaaS and IaaS services across multiple cloud providers (Azure, AWS)
• Organize collaboration with Infraestructure and Operations teams to always deliver the best security solution
• Maintain and update security architecture diagrams / documentations and make sure they are well shared to the organization
• Deliver firsthand technical solution knowledge and hands-on experience.

They offer:

• Competitive salary
• Permanent contract
• Bonus
• Flexible working hours
• Short Fridays
• Hybrid position: 3 days/week at the office (Cornellà de Llobregat) – 2 days/week at home
• Social benefits: health assurance, ticket restaurant, ticket transport.

• At least 5 years of experience as an application security design
• At least 3 years of MS Azure
• Additional experience on other public cloud providers (AWS, GCP, OCI)
• Experience in securing applications in hybrid and cloud deployments.
• Demonstrated experience in the design and implementation of cloud security controls for IaaS/PaaS/SaaS
• Experience securing serverles and low code/no code platforms
• Knowledge of application security and secure software development practices: S-SDLC, DevSecOps, OWASP top 10, CWE 25, etc.
• Fluent English
• Team-oriented and skilled in working within an international collaborative environment.
• Skilled in leading meetings internally and with clients / suppliers.
• Ability to communicate across all levels of the organization and work with diverse project teams.
• Willing to test and innovate initiative.
• Highest ethical standards. Integrity beyond reproach
• Demonstrated ability to lead, motivate, and participate as a team player

• Strong knowledge of application development is a plus
• Experience with Application Security Testing (SAST, DAST, SCA, IAST, etc.) and how to embed them early in the development toolchain is a plus.
• Practical experience with Infrastructure as Code tools (Terraform, Ansible, Azure DevOps , etc.)
• Deep knowledge of cybersecurity concepts such as TLS, PKI, SSO, MFA, modern authentication methods, Reverse Proxy, Application Gateways, cloud encryption, keys and secrets security, NGFW, IPS, DDoS mitigation, CSPM, CASB, RASP, etc.