Associate Principal Security Architect (Digital Security) logo
Job TitleAssociate Principal Security Architect (Digital Security)
Business Stream:Dyson

Associate Principal Security Architect

About us

At Dyson, we are not just creating innovative, technology-enabled products; we are also breaking new ground in cybersecurity. Our products are becoming more advanced and interconnected, which means we face a constantly evolving cyber threat landscape. This requires a highly skilled candidate to join our team, with a passion for staying ahead of emerging threats and keeping our products secure.

We take a proactive approach to cybersecurity. We do not wait for threats to emerge; we anticipate them and respond with innovative solutions. This means that at Dyson, you will have the opportunity to work with innovative technologies, like artificial intelligence and machine learning, to protect our products and customers.

You will be part of a team of cybersecurity experts, utilizing the latest tools and technologies to identify and respond to threats in real-time. You will work closely with our engineering and product teams to ensure that security is integrated into every aspect of our business.

Join our team at Dyson, and you will be at the forefront of cybersecurity, working on some of the most innovative and advanced products in the industry. You will have the opportunity to develop your skills and knowledge, collaborating with a talented team of experts to ensure we are always secure. If you are passionate about cybersecurity and looking for an exciting and challenging role, Dyson is the place for you.

About the role

As a Digital Security Solutions Architect at Dyson, you will play a key role in implementing security principles to protect our digital application landscape from eCommerce to mobile applications. Working within our collaborative, global Cyber Security team, you will design and implement enterprise-class web security solutions.

Collaborating closely with our Global Head for Security Architecture and Engineering, you will drive the adoption of Zero Trust security principles and best practices across the organization. You will also work closely with colleagues across the Cyber Security and Risk (CSR) function to ensure that our products and data are secure and protected against evolving threats.

In this role you will:

Provide advisory services to management, helping to define the appropriate security architecture and security patterns across our digital application landscape, including eCommerce, Ownership Experience, and Mobile; and acting as the Technical Product Manager to provide the necessary business, technical, and functional requirements for successful enrolment of our digital applications to our web application security infrastructure.

Perform security architecture reviews and threat modelling to identify, analyse, and resolve system design and development weaknesses for business and technology projects.

Be responsible for identifying and recommending improvement areas in existing digital application architecture to address evolving cybersecurity threats.

Balance business requirements with cybersecurity and information technology requirements based on the organization's risk appetite, develop, and integrate security operating models and documentation to ensure operational efficiency, scalability, and sustainability.

As a domain expert and trusted partner in CSR, work closely with stakeholders in other groups on cybersecurity engineering-related matters and manage cybersecurity projects with virtual teams/vendors ensuring successful implementation to meet organizational objectives.

Troubleshoot, support, and resolve system incidents, problems, and changes as required.

About you

Looking for a cybersecurity challenge that will test your skills and push your boundaries? Join our team as digital security solutions architect, where you will be responsible for designing, implementing, and customizing advanced security solutions that align with our innovative enterprise security strategy.

To succeed in this role you should:

Be able to work independently or as part of a team with minimum supervision. You should have technical certifications or other information security certifications, such as CISSP, CISM, and CCSP, as well as cloud-related certifications in AWS, GCP, Azure, and other cloud platforms.

Demonstrate a deep understanding of security at all levels of the software, hardware, and network stack, while being exceptionally deep in application and mobile security to work with developers to implement detective and preventive controls.

Have working experience in threat modelling and familiar with STRIDE model, MITRE cyber kill chain, analysing and creating attack trees.

Be able to address application and API-related cybersecurity threats and develop web application firewall “virtual patching” solutions, and review WAF usage and define means to improve and mature protection policies.

Possess a good understanding of SAST, DAST, SCA and familiar with one or more of the following tools, i.e., SonarQube, Veracode, Fortify, Qualys, OWASP ZAP, Nexus IQ, OWASP Dependency-Check, Akamai.

Be up to date with current OWASP standards and mitigation methods. Additional working knowledge of secure coding and secure application design would be a big plus.

Have practical experience in scripting or coding skills with languages like VBScript, PowerShell, Perl, JavaScript, etc., and a good understanding of REST APIs and JSON will be highly valuable to us.

Have hands-on experience in technical design, implementation, and customization of web application security solutions, and be able to produce low-level design documentation and delivery updates.