Application Security Architect
Posted on Aug 27, 2020 by ESG Consulting
Our client is seeking an Application Security Architect to lead development of security architecture and design for a wide range of hardware/software products and services. The role leads definition of the secure SDLC (system development life cycle) and product security maturity model, and develops security controls and processes for products developed and deployed in cloud and non-cloud environments.
Remote work while under COVID-19. May go into the office 1 day a week at this time. Will be expected to go to the office every day once it's deemed safe.
Responsibilities of the Application Security Architect
- Develop in-depth security architecture, design and coding standards across infrastructure, application and data security, to drive a standardized set of security requirements, and align with internal policies and meet compliance/regulatory requirements.
- Perform threat modelling, conduct reviews of security architecture and platform/service designs, and audit source code.
- Lead and evangelize the software security program, ensuring that all products are designed, deployed, and maintained securely by using a risk-based approach
- Partner across various teams to ensure that security is a mandatory component of product planning and product roadmaps
- Participate in design sessions with architects, engineers and product owners to effectively build security into new features and capabilities
- Actively contribute to the overall security strategy by identifying and implementing modern security architectures, standards and tools
Qualifications (not all required)
- Bachelor's degree
- 5 or more years of relevant work experience building or leading software security programs (preferably within a regulated industry)
- 3+ years of experience engineering platform security into cloud infrastructures (preferably Azure)
- Experience in development and application security.
- Experience building or leading software security programs (preferably within a regulated industry)
- Security certifications nice to have: CRISC, GSEC, CISA, CISM or CISSP
- Python a plus
- Strong familiarity and expertise with Java
- At least one scripting language
- Expertise with encryption and protection of data both at rest and in transit
- Proven experience identifying, triaging and remediating application security vulnerabilities
- Knowledge of Cloud native security tools.
- In-depth knowledge of application security concepts, best practices and methods
- Knowledge of security best practices, principles, and common security frameworks, such as NIST, ISO, Common Criteria, TCSEC, OWASP, etc.
- Experience with data architecture, modelling and integration.
- Understanding of security by design principles and architecture level security concepts.
- Knowledge of current and emerging security technologies, threats and techniques for exploiting security vulnerabilities.
- Experience with methodologies and tools, for threat analysis of complex systems, such as threat modelling and software fuzzing.
- Proficiency using configuration management tools such as Chef, Puppet, Terraform or Ansible to automate security into infrastructures
- Experience building secure software based on frameworks such as OWASP, CWE, SANS, OpenSAMM, BSIMM.
- Experience with various application security tools such as SAST, SCA, DAST, Penetration testing, Fuzzing etc.
- Experience building privacy by design into products & services while securing publicly-facing, E-commerce-driven web application architectures
- Experience with process improvement, automation release management, and system development life cycle (Waterfall and Agile).
- Experience with Data security and Governance.
- Robust hands-on experience leading and managing external penetration testing
- Strong knowledge of both the Linux and Windows operating systems
- Communication, presentation and analytical skills
- Ability to clearly document application security standards, architectural requirements, and other artifacts as needed
- Low stress work environment
- Promote from within
- Flexible start times
- Health, Dental, Vision, 401K
ABOUT ESG CONSULTING:
ESG Consulting is an award-winning national provider of diversified information technology consulting services to Fortune 1000, public sector entities, and emerging growth firms nationwide.
Founded in 1986, ESG offers more than 32 years of experience in the IT staffing, engineering and consulting industry. While local to Atlanta, we are headquartered in Santa Clara.
ESG is an equal opportunity company. Our flexible management culture believes in creating a business environment that fosters personal and professional growth and achievement. We make ESG a place where people are treated not as employees but as "partners".