Application Security Architect – GCS Technology/Vision
Newmark Knight Frank (NKF) (NASDAQ: NMRK) is one of the world's leading commercial real estate advisory firms. We provide a fully integrated platform of services to prominent multinational corporations and institutional investors across the globe, as well as to occupiers, owners and developers of real estate on a local, regional and national level.
Together with London-based partner Knight Frank and independently owned offices, NKF's more than 14,000 professionals operate from more than 400 offices in established and emerging property markets on six continents.
NKF Global Technology team is seeking an experienced Application Security Architect.
The Application Security Architect (ASA) is responsible to plan, analyze, design, configure, test, implement, maintain and support the NKF Vision Product (an IWMS or Integrated Workplace Management System with a Business Intelligence layer) to ensure that it is responsive to changes in regulations and risk. The ASA will be responsible for establishing secure coding practices within the team, integrating, designing and implementing entitlement and single sign-on capabilities and configurations among several software platforms.
Essential Job Duties:
- Design, build and implement enterprise-class application security controls for a production environment
- Design application securityarchitecture elements to mitigate threats
- Create solutions that balance business requirements with information and cybersecurity requirements
- Identify security design gaps in existing and proposed application architectures and recommend changes or enhancements
- Use current programming language and technologies to writes code, complete programming and performs testing and debugging of applications
- Regularly liaise with the Global Information Security Team to ensure business alignment with the greater information security program and provide application security subject matter expertise where needed.
- Train users in implementation or conversion of systems
- May perform other duties as assigned
Skills, Education and Experience:
- BA or BS in Information Security, Engineering, Mathematics, or equivalent experience
- Masters in Cybersecurity a plus
- Minimum 5years of experience in the following:
- VB.NET, Java/J2EE, API/web services, scriptinglanguages and a relational database management system (RDBMS) such as MS SQL Server or Oracle.
- Identity and access management (IAM) including a range of SAML-based Identity Providers (IdP) like adAS, ADFS, Okta, OneLogin, Auth0.
- Securityarchitecture, demonstrating solutions delivery, principles and emerging technologies.
- Consulting and engineering in the development and design of security best practices and implementation of solid security principles across the organization, to meet business goals along with customer and regulatory requirements.
- Experience with and knowledge of:
- Relevant National Institute of Standards and Technology (NIST) standards
- Control Objectives for Information and Related Technologies (COBIT)
- Committee of Sponsoring Organizations (COSO) of the Treadway Commission
- Windows and UNIX operating systems
- Exceptional communication skills with diverse audiences, including clients/users of the product – strong critical thinking and analytic skills
- Strong leadership, project and team-building skills, including the ability to lead teams and drive projects and initiatives in multiple departments
- Demonstrated ability to identify risks associate with business processes, operations, information security programs and technology projects
- The ability to be the enterprise security subject matter expert who can explain technical topics to those without a technical background
- Knowledge of Facilities, Real Estate and Asset Management industry and practices a plus
- Knowledge of IBM TRIRIGA software product and/or IBM WebSphere is a plus
- Information Systems SecurityArchitecture Professional (ISSAP) a plus
Working Conditions: Normal working conditions with the absence of disagreeable elements.
Note: The statements herein are intended to describe the general nature and level of work being performed by employees, and are not to be construed as an exhaustive list of responsibilities, duties, and skills required of personnel so classified.