Job Description Summary

Build and lead a global team of security engineers with strong development background in charge of conducting deep, hybrid security assessments that integrate threat modeling, attack modeling, and white-box reviews—to uncover systemic weaknesses in complex software and systems. The role drives secure design, identifies exploitable flaws before adversaries do, and ensures critical applications and platforms are resilient by design.

Accountabilities

• Lead and scale the Advanced Product Security Assessments function, combining threat modeling, architecture review, code-level analysis, and exploit development to assess complex applications and systems to identify hard-to-find vulnerabilities
• Champion a hybrid assessment methodology that integrates OWASP Application Security Verification Standard (ASVS) and OWASP Software Assurance Maturity Model (SAMM) practices for design- and code-level assurance.
• Guide white-box security assessments (secure code review, static and dynamic analysis, logic flow tracing) to uncover design and implementation flaws leading to vulnerabilities such as authentication/authorization bypasses, complex business logic flaws, injection, deserialization, and insecure object references.
• Primary interface with Security Champions / Consultants early in the SDLC, champion threat modeling
• Advanced research of vulnerabilities, exploit code, reverse engineer solutions to identify attack entry points and implement rapid remediation/mitigation actions
• Write custom detection leveraging existing corporate and open-source solutions e.g., SAST custom rule development.
• Work in concert with the Global Penetration Testing to align assessment roadmaps, share intelligence on emerging attack vectors, and co-develop deep-dive evaluation methodologies that strengthen the bank’s continuous exposure management program.
• Develop proof-of-concept exploits or attack chains to validate potential vulnerabilities and demonstrate business impact in a controlled and responsible manner.
• Identify systemic security issues in software architecture, frameworks, and reusable components; drive remediations through pattern-based fixes and secure-by-design guidance.
• Mentor and develop a high-performing global team of security engineers, fostering technical excellence, inclusivity, and continuous learning.
• Partner with Product, Architecture, and Engineering leadership to align assessment outcomes with enterprise risk management and product release decisions.

Essential Skills / Basic Qualifications

• 10+ years of experience in software development (Java/Spring Framework, .Net, Python), application security, product security, or secure software engineering.
• Proven expertise in secure code review, threat modeling, and exploit development across multiple languages (Java, .NET, Python, JavaScript).
• Strong knowledge of OWASP Top 10, ASVS, SAMM, and secure SDLC best practices.
• Demonstrated leadership of diverse technical teams performing code-level and design-level reviews.
• Solid understanding of authentication, authorization, and secure architecture patterns for distributed systems.
• Ability to communicate complex vulnerabilities and risk scenarios clearly to both engineers and executives.

Desirable skills/Preferred Qualifications:

• Advanced degree in Computer Science/Engineering, Cybersecurity, or related field.
• Experience in financial services or other regulated environments.
• Deep technical expertise in one or more domains (cloud security, APIs, containers, identity systems).
• Familiarity with CISA Secure-by-Design, MITRE Engenuity ATT&CK/DEFEND, and industry threat modeling frameworks.

Purpose of the role

To provide a primary liaison service between the business, technology, and security functions. In order to ensure the confidentiality, integrity and availability of information, and support the mitigation of security risk. 

Accountabilities

• Collaboration with stakeholders to understand their security requirements in business processes and IT projects, to enhance overall risk management.
• Execution of risk assessments to identify and prioritise potential cybersecurity threats that could impact the banks operations and data and guide the implementation of mitigation strategies and communicate findings to relevant findings to relevant senior stakeholders.
• Collaboration with business units to develop and implement security policies and procedures for the banks operations aligned to the risk management framework.
• Management of the implementation, testing and monitoring of security controls across the banks IT systems to ensure the effectiveness of controls and mitigation of risk.
• Execution of training content and sessions to educate employees, enhance cybersecurity awareness and provide guidance on safe online practices.
• Management of complex cybersecurity incidents by collaborating with IT teams and response experts to effectively resolve cases through analysis, expertise support and project supervision.
• Identification of emerging cybersecurity trends, threats, and new technologies to address potential risks by advocating the adoption of new security solutions.

Director Expectations

• To manage a business function, providing significant input to function wide strategic initiatives. Contribute to and influence policy and procedures for the function and plan, manage and consult on multiple complex and critical strategic projects, which may be business wide..
• They manage the direction of a large team or sub-function, leading other people managers and embedding a performance culture aligned to the values of the business. Or for an individual contributor, they lead organisation wide projects and act as deep technical expert and thought leader, identifying new ways of working and collaborating cross functionally. They will train, guide and coach less experienced specialists and provide information affecting long term profits, organisational risks and strategic decisions..
• Provide expert advice to senior functional management and committees to influence decisions made outside of own function, offering significant input to function wide strategic initiatives.
• Manage, coordinate and enable resourcing, budgeting and policy creation for a significant sub-function.
• Escalates breaches of policies / procedure appropriately.
• Foster and guide compliance, ensure regulations are observed that relevant processes in place to facilitate adherence.
• Focus on the external environment, regulators, or advocacy groups to both monitor and influence on behalf of Barclays, when appropriate.
• Demonstrate extensive knowledge of how the function integrates with the business division / Group to achieve the overall business objectives.
• Maintain broad and comprehensive knowledge of industry theories and practices within own discipline alongside up-to-date relevant sector / functional knowledge, and insight into external market developments / initiatives.
• Use interpretative thinking and advanced analytical skills to solve problems and design solutions in often complex/ sensitive situations.
• Exercise management authority to make significant decisions and certain strategic decisions or recommendations within own area.
• Negotiate with and influence stakeholders at a senior level both internally and externally.
• Act as principal contact point for key clients and counterparts in other functions/ businesses divisions.
• Mandated as a spokesperson for the function and business division.

All Senior Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard. The four LEAD behaviours are: L – Listen and be authentic, E – Energise and inspire, A – Align across the enterprise, D – Develop others.

All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship – our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset – to Empower, Challenge and Drive – the operating manual for how we behave.