Senior Information Security Architect

The BBC Information Security Team works with BBC teams around the world to provide expert advice, review systems, and deal with threats. We ensure risks are identified, managed and mitigated. The Security Engineering & Architecture team focuses on securing the BBC’s digital products and platforms by working with product teams early in the SDLC, designing and deploying systems, and fostering relationships across the business through the Security Champions network.

The BBC reaches over half a billion people online every week. Working with teams such as iPlayer, Sounds and News, you will regularly collaborate with critical BBC product teams, gain exposure to the latest security vulnerabilities and technologies, and help evolve the BBC’s digital security strategy.

• Architecture of Systems
  • Perform security risk assessments on BBC Digital Product environments throughout the SDLC and recommend security enhancements, remediation and mitigation strategies.
• Digital Policy & Guidance
  • Research new security technologies, trends and threats related to BBC Digital Products and provide technical and non‑technical guidance to internal stakeholders and third parties.
  • Assist in running the BBC Security Champions network, facilitating sessions, engaging with champions, and evolving the network.
  • Support tactical initiatives to secure Digital Product environments, contributing to information security policies, procedures and standards.
  • Develop and maintain relationships with Digital Product suppliers, staff, Security Champions and other stakeholders.
• Development
  • Peer with the InfoSec team to design, develop and deploy code for systems that aid the BBC InfoSec function and help teams understand their risk posture.
• Vulnerability Management
  • Support the processes around security issues identified in BBC Digital Product environments, including investigation, validation and revalidation.

• Familiarity with at least one coding language (e.g., Python, JavaScript) and demonstrable experience in both designing and implementing digital software projects.
• Ability to convey complex technical knowledge and guidance, in written form and verbally, to multiple audiences including internal stakeholders and third parties.
• Demonstrable ability to break complex problems into tangible parts, self‑direct required learning and operate in a semi‑autonomous manner.
• Experience deploying systems and applications from code to a cloud environment (e.g., AWS).
• Demonstrable experience of a wide range of technical security knowledge and applying this to identify and remediate security issues in digital software products.

• Experience of being involved in a community and taking an active lead in organising and facilitating.
• Experience with STRIDE Threat Modelling and mitigating issues from application security tooling.

1. Submit your online application.
2. Complete a technical exercise remotely and submit your code to the hiring managers.
3. Attend an interview. Before your start date, you may need to disclose any unspent convictions or police charges in line with our Contracts of Employment policy.

This job description is a written statement of the essential characteristics of the job, its principal accountabilities, as well as the skills, knowledge and experience required for satisfactory performance. It is not intended to be a complete or detailed account of all duties involved.

For any general queries, please contact: bbchr@bbc.co.uk.

We welcome applications from individuals, regardless of age, gender, ethnicity, disability, sexual orientation, gender identity, socio‑economic background, religion and/or belief. We are a disability confident employer. If you need adjustments or access requirements for the interview process or for the role, please contact reasonable.adjustments@bbc.co.uk.

• Competitive salary (£75,000‑£85,000 depending on relevant skills).
• Fair pay and flexible benefits including a flexible 35‑hour working week, 25 days annual leave (option to buy 5 extra days), defined pension scheme and discounted dental, health care and gym.
• Excellent career and professional development.
• Support in your working life, including flexible working options discussed at any point in the application, selection or offer.
• A values‑based organisation where the way we do things is important as what we do.