Application Security Architect

Hertz Global Holdings, Inc.

Estero, FL

Industry: Transportation


Experience required: Not specified

Posted 43 days ago

General Responsibilities

As an Application Security Architect, you'll play a key role in partnering with Engineering, QA, and Product teams to drive security practices and technical solutions throughout the development and testing cycles. This role will focus on the development and implementation of security architecture, application and infrastructure designs, development practices, and testing methods in a complex environment. The successful candidate will be an expert in identifying and fixing application security issues, the design, use and measurement of secure software development practices, application security testing tools, common development and QA processes, and will have a strong background in development, security testing, and writing security user stories and detailed technical specifications for security in application and product designs. They will have domain expertise that's applicable across teams. This individual will quickly establish relationships and become a trusted resource for Product, Development, QA, Operations, and IT departments, and will also have a hands-on role in designing solutions and creating specifications for those teams.


  • Conduct security architecture/application reviews to assess technical and business risk, identify threats and potential areas for abuse in applications, specify solutions, verify through testing, and determine the right level of architecture activity and project oversight based on risk
  • Analyze and interpret business and security requirements
  • Understand the relationship between business needs, risk, and security measures
  • Translate security requirements into architectures and specific technology implementations
  • Develop presentations and diagrams to communicate application security state and design requirements
  • Deliver security roadmaps to address application security issues in a risk-based, prioritized order and drive implementation across multiple teams
  • Drive the implementation of security requirements by designing and building prototypes and proofs of concept, ensuring architectures are reviewed and approved, delivering design documents and standards, and creating user stories
  • Develop test plans for security production verification and assist Product Development and QA with security test methodologies and tools
  • Work with Product Development to embed secure development practices
  • Lead projects to select and deploy developer security tools
  • Build relationships with peers and stakeholders (Product Development, QA, Operations, Sales Engineering). Establish a trusted risk advisor role.
  • Evaluate, implement, and support security-focused tools and services (such as source code scanners, fuzzers, dynamic analysis scanners, and binary/executable code security analyzers)
  • Develop key indicators of malicious activities and ensure mitigation and detection measures are designed and built into applications (e.g., security instrumentation)
  • Develop security metrics and measurement capabilities to demonstrate application security and SDLC security activities
  • Mentor and train other technical team members throughout the company
  • Develop and deliver an application security training curriculum for Product Management, Product Development, and QA
  • Evaluate and recommend new and emerging security products and technologies
  • Participate in security escalation support
  • Maintain strong knowledge of common security vulnerabilities, attack vectors, attack methods, and remediation techniques

Mandatory Requirements

Position Requirements

  • Experience as a professional developer
  • Detailed technical knowledge and hands-on practice working in security penetration testing, secure software development, or security-related QA
  • Experience in cloud and application-level security architecture
  • Advanced knowledge of web architectures, web applications, APIs, mobile applications, desktop applications and the underlying technology of cloud infrastructure
  • Detailed knowledge of web, mobile, and client application security vulnerabilities, attack methods, and countermeasures
  • Experience with a broad range of attack classes
  • Experience securing platform web APIs
  • Experience leading code reviews, penetration tests, or similar projects
  • Experience deploying and using a wide selection of open source and commercial security development and testing tools (code scanners, fuzzing, using proxies in security testing, etc.)
  • Experience building security testing tools and scripts for specific environments and use cases, and the ability to craft proof of concept exploits to demonstrate issues
  • Experience bringing security designs and secure development practices into Agile development environments, QA teams, and Product planning (MRDs, PRDs, coding style guides, user stories, technical specifications, verification and testing methods, etc.)
  • Consistent hands-on experience delivering security design specifications
  • Strong knowledge of secure application architectures, encryption technologies, cryptography and key management, authentication & authorization, and implementation thereof
  • Knowledge of network- and web-related protocols (e.g., TCP/IP, HTTP, HTTPS) and security capabilities and limitations of each
  • Knowledge of web, VoIP, and mobile application development and of programming languages including Java, C++, and Objective-C; previous programming experience and experience working with product managers, QA teams, and application developers
  • Strong familiarity with common application security frameworks such as the OWASP Top Ten
  • Knowledge of security bug classification frameworks such as CVSS or DREAD, and experience applying security bug classification methods in development and QA
  • Excellent technical documentation skills
  • Experience performing threat modeling
  • Results-driven, creative, professional, persistent, quality-oriented, and self-motivated work style; must be able to prioritize and manage their own projects and workload