Application Security Architect
Posted on Sep 4, 2020 by ESG Consulting
Our client is seeking an Application Security Architect who will consult with all relevant Information Technology (IT) teams on all matters relating to application security and will be responsible for the development, maintenance and continuous monitoring of application security architecture related controls.
This role is focused on people, process and technology to ensure a Secure Software Development Life Cycle (SDLC) for fast-paced IT application support and infrastructure teams.
The role requires a solid understanding of application security principles, best practices and a background working in a secure application development and coding environment within an enterprise.
Job Tasks of the Application Security Architect:
- Build a very close working relationship with the Office of Infrastructure and the Office of Application Support under the Department of Information Technology (IT).
- Provide strong information security leadership and cross-functional/stakeholder communications.
- Develop and maintain up to date documentation related to Application Security including the development of secure coding policies, procedures and standards to ensure effective and efficient Secure Software Development Life Cycle (SDLC) processes, to include necessary information security checkpoints, code review (Whitebox) methodologies, etc.
- Identify information security requirements by evaluating business strategies and requirements; researching information security standards; conducting vulnerability and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
- Experience in web application design, penetration testing, application risk assessment, and risk categorization.
- Plan and coordinate with internal teams on the design, integration, development, validation and implementation of specific policies, procedures and standards.
- Serve as Advisor to the Office of Infrastructure and the Office of Application Support on:
  - Evaluation of new security trends and technologies
  - Assessment and acquisition of application security tools and technologies
  - Vulnerability and penetration testing and gap remediation workflows
  - Network and end-point forensics
  - Incident response workflows
  - Audit compliance reporting
- Attend design and application architectural reviews and actively lead discussions from an information security standpoint.
- Participate as an information security subject matter expert in the incident response program.
Minimum Experience & Qualifications:
- Minimum of 5 years in the following information security functional areas:
  - Web and Mobile Application Security
  - Dynamic Application Security Testing
  - Static Application Security Testing
  - Patch & Vulnerability Management
  - Vulnerability & Penetration Testing
  - Authentication and Authorization
  - Identity and Access Management
  - Two Factor Authentication (2FA)
  - Single Sign On (SSO)
- Expertise in mitigating and addressing technology or application threat vectors.
- Expertise in building a defense-in-depth infrastructure security architecture that includes information security controls across multiple technology stacks.
- Ability to conduct Source Code reviews and educate development teams on best practices.
- Experience with Web Application Firewalls, Nessus, and Burp Suite.
- Solid knowledge and understanding of securing all major web server environments and cloud platforms based on Open Web Application Security Project (OWASP) Top Ten recommendations.
- Demonstrated knowledge of regulatory and statutory compliance requirements across industries.
- Familiarity with dynamic web application vulnerability assessment tools and services.
- Familiarity with static code analysis tools and services.
Job Requirements of the Application Security Architect:
- BA/BS Degree combined with 15+ years of overall information security experience.
- Strong program development, program management and leadership skills including experience in developing, documenting and establishing holistic information security programs and best practices.
- Deep application development/software development knowledge, and an understanding of information security protocols and application programming interfaces (APIs).
- Understanding of application threat modelling and Secure SDLC best practices.
- Strong documentation skills in writing application security policies, procedures and standards.
- Current information security management certifications such as CISSP, CISM and HISP.
- Curious, inquisitive, lifelong learner and self-starter.
- High level of personal integrity and trustworthiness.
- Great team player with good communication skills.
- Low stress work environment
- Promote from within
- Flexible start times
- Health, Dental, Vision, 401K
ABOUT ESG CONSULTING:
ESG Consulting is an award-winning national provider of diversified information technology consulting services to Fortune 1000, public sector entities, and emerging growth firms nationwide.
Founded in 1986, ESG offers more than 32 years of experience in the IT staffing, engineering and consulting industry. While local to Atlanta, we are headquartered in Santa Clara.
ESG is an equal opportunity company. Our flexible management culture believes in creating a business environment that fosters personal and professional growth and achievement. We make ESG a place where people are treated not as employees but as "partners".