Role Summary

We are seeking a senior Security Architect to lead the design and implementation of end-to-end security architecture for a modern digital banking platform. This role will act as the primary security authority across applications, cloud, and platform layers—working closely with engineering teams, architecture leads, and client stakeholders (including CISO office) to ensure security is embedded by design into all systems and processes.

Key Responsibilities

1. Security Architecture & Design

• Define and own end-to-end security architecture across application, API, cloud, and infrastructure layers
• Design security controls aligned with modern banking architectures (microservices, cloud-native, APIs)
• Translate business and regulatory requirements into secure architecture blueprints

2. Application Security Leadership

• Establish and enforce secure SDLC practices across engineering teams
• Lead threat modelling activities (e.g., STRIDE) and define mitigation strategies
• Review and validate secure coding practices across key languages (Kotlin, Java preferred)
• Drive implementation of secure authentication, authorization, and cryptographic controls

3. DevSecOps & Automation

• Define strategy for integration of SAST / DAST / SCA tools into CI/CD pipelines
• Architect scalable security automation frameworks and pipelines
• Define security gates, policies, and metrics for continuous risk reduction

4. Cloud & Platform Security

• Define security architecture for AWS / cloud-native environments
• Ensure secure design for container platforms (Docker, Kubernetes) and APIs
• Guide teams on identity, network security, encryption, and secrets management

5. Governance, Risk & Compliance

• Align security architecture with banking regulations and industry standards
• Ensure compliance with frameworks such as:
• OWASP Top 10
• MASVS / ASVS
• Secure SDLC practices
• Support risk assessments, audits, and client governance processes

6. Stakeholder Engagement

• Act as trusted advisor to senior stakeholders (Architecture, CTO, CISO office)
• Communicate security risks, trade-offs, and recommendations clearly to business stakeholders
• Lead security discussions in architecture forums and design reviews

Required Qualifications

Experience

• 8+ years in software engineering / security
• Experience in banking/financial services or regulated environments

Technical Expertise

• Strong background in application security and secure coding practices
• Hands-on experience with at least one major language (Kotlin, Java preferred)
• Deep understanding of:
• API security (OAuth2, OIDC, JWT)
• Authentication & authorization models
• Cryptography basics
• Experience with:
• SAST (e.g., Checkmarx, SonarQube)
• DAST (e.g., OWASP ZAP, Burp Suite)
• SCA tools (e.g., Snyk, Black Duck)

Cloud & DevSecOps

• Experience securing AWS environments
• Knowledge of:
• CI/CD security integration
• Container security and orchestration
• Infrastructure-as-code security

Architecture & Leadership

• Proven ability to design enterprise-level security architectures
• Strong collaboration with distributed engineering teams
• Ability to influence without direct authority

Preferred Qualifications

• Security certifications (CISSP, CSSLP, AWS Security Specialty, etc.)
• Experience with:
• Mobile security (Android/iOS)
• AI/LLM security risks (prompt injection, model abuse)
• Experience in large-scale digital banking transformation programs

(Note: Due to the high volume of applications we receive, we are unable to respond to every candidate individually. If you have not received a response from GFT regarding your application within 10 workdays, please consider that we have decided to proceed with other candidates. We truly appreciate your interest in GFT and thank you for your understanding)