We are seeking to add an Application Security Architect to our growing managed security offering. This individual will utilize a combination of business process analysis, technical process analysis and technical expertise to develop enterprise architectural security deliverables. The role analyzes the relationships of the various IT components and business processes to define approaches that provide significant value to our clients by driving appropriate security strategies across these disciplines.
This individual will be working closely with key client decision makers and business leaders as well as varying levels of technologists, requiring this individual to have solid communication skills with all levels of an organization. Additionally, this individual would be responsible for developing advanced enterprise security ideas aligned with key industry standards that can guide our security offerings into the future.
- Build strong client relationships and effectively influence staff at all levels of client organizations.
- Advise senior client management on security risks.
- Translate security risks to business impact.
- Consult and facilitate delivery of Information Security strategic goals and initiatives for clients
- Assists in the evaluation of overall risk for IT systems (including data), accounting for the people, processes, and technologies that provide security controls
- Architects, prioritizes, coordinates and communicates the choice of security technologies necessary to ensure a highly secure yet usable computing environment
- Provide security architecture and advice in support of application development, infrastructure, and enterprise technology projects.
- Coordinate with various project teams to communicate the necessity of security requirements and design constraints.
- Identify any gaps in existing application security infrastructure to meet project requirements, and work with Client Management to identify and roadmap solutions.
- Perform code analysis, application security reviews, and develop an application security training program.
- Stays current with security technologies and makes recommendations for use based on business value.
- Maintains an expert knowledge in the field of Information Security and the related issues, systems, processes, products, and services.
- Provide training and mentoring to client and consulting resources.
- Solid history of designing, developing, or customizing application authentication and authorization systems.
- Understanding of the OWASP Top 10 application security risks and how to address them.
- Working knowledge of the Microsoft Security Development Lifecycle (SDL), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM).
- Strong working knowledge of enterprise software technologies, application security, and infrastructure.
- Working knowledge of Microsoft Azure or other cloud computing platform offerings and security related services.
- Hands-on experience with encryption, hashing, secure random number generation, key derivation, key management, digital signatures, etc. in one or more major development languages.
- Core understanding of web application security scanning software and related penetration testing tools
- General knowledge of core security networking concepts like TLS, SSH, DNS, firewalls, etc.
- Solid understanding of cloud architecture as well as on premise IT landscape.
- General understanding of regulatory compliance and how it relates to application security and privacy.
- Applicable certification strongly preferred (e.g., etc.) or obtained within 6 months of employment
- Strong communication skills, both written and verbal.
- Good presentation skills.
- Ability to articulate technically advanced issues to all audiences.
- Highly seasoned in organizational, time management, decision making and problem solving skills
- Ability to mentor and train internal and client teams.
- Ability to work under pressure, establish priorities and respond with urgency.
- Bachelor's degree preferred.
- 4+ years of advanced security experience.
- Minimum of 10 years application development experience ideally within the Microsoft development stack.
- Applicable certification strongly desired (CISSP, CISSP - ISSAP, CEH etc.) or obtained within 6 months of employment.
The most important criterion is a strong desire to be part of a high performing team, providing quality solutions and experiences for our clients.