Senior Software Security Architect

Software Development London, United Kingdom


Description

 

 

Job Specification – Senior Software Security Architect

The Company

G-Research is a well-established and rapidly growing firm with a leading platform for developing quantitative research and systematic investment ideas. We have created a community designed to inspire the best minds in the world to tackle the toughest intellectual challenges and deliver the best work of their careers. Our platforms and technologies are constantly evolving to meet the real-world scenarios we throw at them and we are seeking world-class software engineers to join us.

Traditionally a .NET and Microsoft house, as a successful and well-funded business G-Research are broadening the scope of the platforms and development tools we use.  We aim to use the best tools available for the job and are actively extending the use of open source and Linux-based technologies in the areas that they can make a real difference.  Developers with experience in these technologies can make a big impact - we are happy to hire people with a diverse range of skills, there's no specific requirement for experience with .NET. Technologically the sky is the limit and we are looking for the brightest and best developers in the world to take our capability to the next level.  This is an exciting time to join G-Research.

The Role

Security of in-house software development is central to the business’ goals. Software at G-Research is developed primarily in C#. Reporting into the Secure Architecture Team Manager, the key responsibilities of the role are:

  • Designing, analysing & reviewing application and platform security architecture
  • Maturing and promoting our secure development methodology
  • Developing security software, libraries and controls:
    • shared security components for use by our developers
    • high assurance software (e.g. for cryptographic key management)
    • bespoke security tools/controls for use by the InfoSec division
  • Working closely with our infrastructure security design practice, risk and control assurance teams to ensure continuity of practices.

Forthcoming architectural challenges include Security API redesign across the platforms, security risk modelling of different types of code/algo, build chain security, and dependency management.  Team development challenges include solutions for code integrity, endpoint authentication, application armouring, data tagging & flow control, and sandboxing.

 

The Individual

The candidate must be an experienced, pragmatic, and practical software architect with good communication skills, development experience, and the security mindset.  They should be enthusiastic and have a track-record of interest in attack and defence techniques for application security. A subset of the following skills is required:

  • Proven ability to develop high quality software in an object-oriented language.
  • Extensive commercial experience as a security architect; experience securing green-field and brown-field applications; skills such as threat modelling and risk-based approaches are particularly welcome
  • Commercial or personal experience in security & cryptography topics that demonstrates security skills. For example: authentication, cryptocurrency, transaction systems integrity, reverse-engineering resistance / obfuscation, securing distributed systems, open source development security.
  • Appreciation of good software architecture and knowledge of platform internals: compilers, language VMs, operating systems, assembly code.
  • Experience working with crypto libraries and PKI (e.g. openSSL, bouncycastle, X.509 PKI).
  • Excellent academics – good A-level results combined with a 2.1 or better from a top university in computer science/software engineering.
  • Working knowledge of Security Development Lifecycle (SDL) and security software assurance techniques.
  • Excellent communication skills – the successful candidate will be central to the interaction between the information security team and other developer teams within the business.
  • Candidates from all commercial backgrounds are encouraged to apply.