Director - Application Security Architect
Bengaluru Luxor North Tower, India
GSK
‘Be You’ at GSK
At GSK, we unite science, technology, and talent to get ahead of diseases together.
We are a world leader in infectious diseases, including vaccines and HIV, with the broadest portfolio in the industry, pushing the frontiers of respiratory science and improving the lives of millions of patients, recognised for our ESG leadership, making an impact on some of society’s most urgent challenges. We’re confident that together we can make a positive impact on the health of more than 2.5 billion people by 2031.
When you set out on your adventure at GSK, we make a deal. You commit to living our values and performing against our Innovation, Performance and Trust priorities. In return, GSK commits to providing the right environment for you to thrive. Together, we build an environment where we can all thrive and focus on what matters most to each of us.
Job Purpose
This is a critical role within the Cyber Security Office, reporting directly to the Security Architecture Lead, with a focus on ensuring the security of GSK’s applications, both commercial off-the-shelf (COTS) and home-grown developments, throughout their lifecycle. The ideal candidate will have extensive experience in life sciences and operational technology (OT) environments, with a strong background in application security, DevSecOps, and secure software development lifecycle (SDLC) practices. This role requires a strategic thinker, a problem solver, and an innovator who can collaborate effectively with cross-functional teams to enhance GSK’s security posture.
Key responsibilities
- This is an individual contributor role with a focus on strategic design and innovation
- Develop and maintain a comprehensive application security architecture strategy that aligns with GSK’s business goals and regulatory requirements
- Lead the design and implementation of secure application architectures for both COTS and custom-developed applications
- Integrate security best practices into the SDLC, ensuring that security is embedded in every phase of application development
- Collaborate with development, DevOps, and IT teams to implement and enforce security controls and policies
- Conduct threat modeling, risk assessments, and security code reviews to identify and mitigate vulnerabilities
- Drive the adoption of DevSecOps practices, automating security testing and monitoring within CI/CD pipelines
- Stay current with emerging threats, technologies, and trends in application security to inform strategic decisions
- Provide technical guidance and mentorship to security engineers and development teams
- Ensure compliance with industry standards and regulatory requirements (e.g., GDPR, HIPAA, PCI)
- Communicate complex security concepts and strategies to non-technical stakeholders, ensuring understanding and buy-in
- Lead the evaluation and selection of security tools and technologies to enhance application security
- Conduct security assessments and gap analyses to identify and mitigate security risks
- Support the development and implementation of security architectures across various domains, including AI/ML, cloud, and network security
- Continuously evaluate and refine application security solutions to enhance their effectiveness and efficiency
- Establish metrics to measure the effectiveness and performance of application security solutions
Required skills
- Proven experience in developing and implementing application security strategies and architectures
- Extensive knowledge of secure coding practices, threat modeling, and risk assessment methodologies
- Strong expertise in DevSecOps, CI/CD pipelines, and automation of security testing
- Hands-on experience with security tools and technologies (SAST, DAST, RASP, WAF)
- Experience in life sciences and OT environments, with a deep understanding of regulatory requirements
- Strong communication and collaboration skills, with the ability to engage with technical and non-technical stakeholders
- Proficiency in writing, developing, and maintaining technical documentation, including security standards, strategies, and implementation plans
- Ability to prioritize and filter actions to focus on those with significant impact on the program
- Excellent problem-solving and analytical skills, with the ability to work under pressure
- Knowledge of AI and machine learning security considerations
- Ability to think creatively and drive innovation in application security
- Strategic thinker with a business-focused mindset
- Strong collaborator and innovator
- Ability to communicate complex security concepts to non-technical stakeholders
- Problem solver with a proactive approach to identifying and mitigating security risks
- Experience with cloud security (AWS, Azure, GCP)
Required Qualifications
- Advanced degree in Computer Science
- 18+ years of total experience, of which 7+ years in cyber security engineering
- Certifications such as CISSP, CISM, CEH, along with TOGAF, SABSA, or Purdue
- Experience in security automation and orchestration
- Understanding of AI and machine learning security considerations
Skills
Cyber Security Architecture, Secure Coding Practices, Security Controls, Security Policies, Security System, Security System Design, Test Planning, Vulnerability Management, Vulnerability Scanning
Why GSK?
Uniting science, technology and talent to get ahead of disease together.
GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organisation where people can thrive. We prevent and treat disease with vaccines, specialty and general medicines. We focus on the science of the immune system and the use of new platform and data technologies, investing in four core therapeutic areas (infectious diseases, HIV, respiratory/ immunology and oncology).
Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued, and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together.
Important notice to Employment businesses/ Agencies
GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.
It has come to our attention that the names of GlaxoSmithKline or GSK or our group companies are being used in connection with bogus job advertisements or through unsolicited emails asking candidates to make some payments for recruitment opportunities and interviews. Please be advised that such advertisements and emails are not connected with the GlaxoSmithKline group in any way.
GlaxoSmithKline does not charge any fee whatsoever for the recruitment process. Please do not make payments to any individuals / entities in connection with recruitment with any GlaxoSmithKline (or GSK) group company at any worldwide location, even if they claim that the money is refundable.
If you come across unsolicited email from email addresses not ending in gsk.com or job advertisements which state that you should contact an email address that does not end in “gsk.com”, you should disregard the same and inform us by emailing askus@gsk.com, so that we can confirm to you if the job is genuine.
Tags: Application security Automation AWS Azure CEH CI/CD CISM CISSP Cloud Compliance Computer Science DAST DevOps DevSecOps GCP GDPR HIPAA Machine Learning Monitoring Network security Risk assessment SAST SDLC Security assessment Strategy TOGAF Vulnerabilities Vulnerability management
Perks/benefits: Career development