Job Description – Senior Application Security Architect
The Senior Application Security Architect will be the application security expert, responsible for securing enterprise information by determining application security requirements and by planning, implementing and testing security controls. This position reports to the Director of Software Architecture.
Drive secure software development and testing practices with the goal of protecting commercial and internal applications and data. The candidate must be able to collaborate with architects, developers, analysts, testers and various parties to perform security assessments, design and code reviews, threat modeling, testing and training in order to prevent, identify, analyze and remediate any existing or potentially emerging security defects in the software and/or software requirements and SDLC. The ideal candidate will be a thought leader, an innovator, self-motivated and a driver.
- Working with the Enterprise Architect and the CSO, establish organization-level application security architecture standards.
- Ensure systems are deployed consistent with adopted software security standards. Architect, design, develop and implement a software security framework and systems to support our enterprise systems for internal and external users.
- Partner with other architects, software engineers and QA engineers to ensure adequate security processes and tools are in place throughout to mitigate identified risks to an acceptable level, and to meet business objectives and regulatory requirements.
- Based on your own strong development background with prominent web development languages and frameworks, provide security advice to development and testing teams
- Provide expert-level guidance to security analysts, testers and development teams during application security assessments. Must be able to identify, re-create and remediate security defects
- Serve as a leader by promoting security awareness, mentoring other team members, and staying up-to-date on security trends related to threats, vulnerabilities and OWASP best practices
- Lead and implement an Identity and Access Management Service based on ForgeRock.
- BS in Computer Science, Information Security or equivalent
- 5+ years of experience in application security architecture or security management with expertise in applying secure software development methods within the SDLC
- Experience conducting security code review, threat modeling, or application penetration assessments
- Extensive hands-on development experience a must; 10+ years
- Highly motivated, competitive, entrepreneurial and attracted to challenging opportunities
- Demonstrate the ability to work in a fast-paced environment
- Possess excellent collaboration skills with internal teams
- Is a self-starter with integrity and accountability
- Experience in interfacing with multiple information technology application and infrastructure development and support areas within an enterprise.
- Hands-on experience with LDAP, SSO, SAML, Active Directory
- Experience with ForgeRock is highly preferred
- Familiarity with network architecture and topologies
- Familiarity with APIs, web services and SOA
- Experience with OWASP Top 10 and how to protect against them
- Experience with cloud and on-premises security models
- Experience with release management and DevOps of custom software