Senior Product Security Architect

Blip is a leading tech company focused on software engineering solutions for sports entertainment.

We operate at scale. As part of Flutter Entertainment, we play an essential role in the Group's goal of becoming the global leader in online sports betting and iGaming, developing innovative products and platforms for over 14 million monthly customers worldwide.

We are serious about Tech. We are problem-solvers with big ambitions, keeping a people-first mindset at the core of our work. We prioritize flexibility as we strive to deliver the best technological products and tackle the greatest industry challenges.

Recognizing that everyone brings their own strengths, backgrounds and new perspectives, we empower you to be yourself. That uniqueness shapes the culture of belonging we are so proud of.

Flutter consists of two commercial divisions (Fanduel and International) and our central Flutter Functions; COO, Finance & Legal. Here in Flutter Functions we work with colleagues across all our divisions and regions to deliver something we call the Flutter Edge. It’s what differentiates us, our ‘secret sauce’ which plays a key part in our ongoing success and powers our brands and divisions, through Product, Tech, Expertise and Scale. In Flutter COO we work with experts across Flutter to build, deploy and communicate the Flutter Edge. Together we cover Product & Payments, Technology, Sportsbook Product & Trading, People, Property, Corporate Communications and Strategic Partnerships & Transformation.

**The Role**:
The Senior Product Security Architect is responsible for defining, evolving, and championing a group-wide Product Security strategy across all regions and brands. Operating in a federated environment, this role provides strategic guidance, technical direction, and hands-on expertise to help security and engineering teams across the enterprise embed security into the product development lifecycles.

**What You’ll Be Doing**:

- Strategic Leadership & Roadmap: Define and lead the enterprise-wide Application Security and SSDLC strategy, including short, mid, and long-term goals aligned with the group’s security posture and digital transformation initiatives. Develop and maintain AppSec maturity models (e.g. based on OWASP SAMM, NIST SSDF, BSIMM) and work with business units to assess current state and define realistic improvement plans. Drive the development of a global secure development policy, including approved tools, practices, and coding standards.
- Technology & Tooling Strategy: Evaluate, recommend, and support the rollout of AppSec tools such as SAST, DAST, SCA, container and IaC scanners, runtime protections, and CI/CD pipeline integrations. Collaborate with platform and DevOps teams to ensure tool integration and automation into developer workflows across brands. Provide architecture guidance on secure design patterns and security tool architecture in cloud-native and hybrid environments.
- Project and Vendor Management: Oversee Secure by Design project execution and coordinate with project managers to ensure results (system implementations, migrations, integrations) are completed on time. Manage relationships with product vendors and service providers (Remaining vendor neutral) - e.g. oversee any integration partners/consultants and ensure we leverage vendor support. Evaluate and select products or upgrades in line with the strategic roadmap. Ensure that vendor solutions are configured to meet our requirements and that any services used governed under group policies.

**We’d Like You to Master In**
- A track record of designing and implementing enterprise-scale secure development programs and embedding security into engineering culture.
- Broad experience integrating with various systems and tools such as: SonarCloud, Checkmarx, GitHub Advanced Security, Snyk, Aqua, Prisma Cloud, Semgrep, etc.
- Strong understanding and use of CI/CD ecosystems (e.g. GitLab, Jenkins, Azure DevOps, GitHub Actions) and how to embed security in build and deploy processes.
- Experience working in or with regulated industries or large enterprises is highly desirable.
- Mergers and Acquisitions integration experience is a plus
- Familiarity with industry frameworks and standards: OWASP SAMM, OWASP ASVS, BSIMM, NIST SSDF, ISO 27034.
- Lead teams and projects. This could be as an DevSecOps team lead, security architect, or manager for SSDLC initiatives.
- Professional certifications in security are highly valued, such as CISSP/CSSLP, CISM, and/or other AppSec-specific certifications.

**Equal opportunities**:
At Blip, we are committed to creating a diverse and inclusive workplace. We strongly encourage people from all backgrounds, **ways of thinking, and working to apply.**
**We are committed to including everyone** regardless of their race, disability, age, gender identity, sexual orientation, and religion.

We will only respond to inquiries related to disabilities.