Product Security Architect

Flutter Entertainment invites you to join as a Senior Product Security Architect. This role focuses on securing product development across all regions and brands, ensuring application, infrastructure, and third‑party components meet the highest security standards.

Leeds / Dublin – Hybrid (2 days per week on site)

The Senior Product Security Architect defines, evolves, and champions a group‑wide Product Security strategy. Operating in a federated environment, the role delivers strategic guidance, technical direction, and hands‑on expertise to embed security into development lifecycles. The position is key advisor on AppSec standards, threat modelling, and security tooling, ensuring consistency and maturity across Flutter’s software estate.

Flutter operates two commercial divisions (Fanduel and International) plus central functions such as COO, Finance & Legal. The Flutter Edge drives differentiation across Product, Tech, Expertise, and Scale, supporting Product & Payments, Technology, Sportsbook Product & Trading, People, Property, Corporate Communications and Transformation.

• Strategic Leadership & Roadmap: Define and lead the enterprise‑wide Application Security and SSDLC strategy, develop AppSec maturity models, and drive global secure development policy.
• Technology & Tooling Strategy: Evaluate and support rollout of AppSec tools (SAST, DAST, SCA, container & IaC scanners, CI/CD integration), and guide secure design patterns in cloud‑native environments.
• Global Collaboration: Align strategies with Group Enterprise Security, monitor key AppSec KPIs, report to leadership, coordinate architecture reviews, and provide threat‑modelling support.
• Continuous Improvement & Innovation: Evaluate emerging technologies, reduce friction for developers, plan for incident response and disaster recovery, and elevate program maturity.
• Project & Vendor Management: Manage Secure by Design projects, coordinate with vendors, ensure solutions meet group policies, and oversee integration partners.

• Extensive experience in software development and application security with leadership in AppSec or Security Architecture.
• Proven track record designing enterprise‑scale secure development programs.
• Experience integrating tools such as SonarCloud, Checkmarx, GitHub Advanced Security, Snyk, Aqua, Prisma Cloud, Semgrep.
• Deep understanding of CI/CD ecosystems (GitLab, Jenkins, Azure DevOps, GitHub Actions) and embedding security in build pipelines.
• Background in regulated industries or large enterprises is highly desirable.
• Experience with mergers and acquisitions integration is a plus.
• Familiarity with frameworks: OWASP SAMM, ASVS, BSIMM, NIST SSDF, ISO 27034.
• Leadership experience in DevSecOps, security architecture, or SSDLC initiatives.
• Professional certifications such as CISSP/CSSLP, CISM, or AppSec‑specific credentials are valued.

• Bonus scheme
• Uncapped holiday allowance
• Enhanced pension scheme
• Private healthcare
• Life assurance
• Income protection
• £1,000 annual self‑development learning fund
• Invest via Flutter Sharesave Scheme
• Enhanced parental leave

Flutter is an inclusive employer. We encourage applicants from all backgrounds, ways of thinking, and work styles. Adjustments can be made to accommodate your needs.