Security Architect

ePocrates

Watertown, MA

Industry: IT Consulting/Services


8 - 10 years

Posted 301 days ago

This job is no longer available.

Responsibilities may include, but are not limited to:

  • Responsible for reviewing, building and deploying secure applications across the Athena environment
  • Identifies, highlights, and provides security recommendations during requirement and design reviews
  • Leads the security-focused aspects of design/architectural reviews to identify and clearly define possible issues, enabling usable and secure solutions
  • Builds an enterprise security level catalog of best practices, techniques and patterns to enable secure implementation of features in products/product families.
  • Leads threat modeling activities, including teaching, coaching and mentoring teams and individual stakeholders to be effective threat modelers
  • Provides consultancy to product development/R&D, engineering and operations teams on security best practices and issue remediation when needed
  • Reviews and assesses process and other gaps to design proper solutions involving appropriate people, process and tools
  • Identifies and manages issues in various stages of product development to ensure systemic issues are resolved in a planned/staged manner moving from mitigation to resolution to elimination

Education, Experience, and Skills Required:
Must have:

  • Bachelor's degree in Computer Science, IT, IS, Cyber Security or similar
  • 10 years of relevant security engineering experience with at least 2 years as a Security Architect
  • Maintained current knowledge of HIPAA, HITRUST, PCI-DSS requirements
  • Skilled at applying advanced risk management techniques to defeat advanced attackers
  • Experience in software and product development, security architecture, product security, vulnerability assessment, infrastructure security, security issue prevention and mitigation strategies

Ideally, you will also have:

  • CSSLP, CISSP, SANS certifications, or similar
  • Strong knowledge of programming languages – Java, Perl, Python, JavaScript, Node.JS
  • 5+ years of experience with assessing threats, risk, and vulnerabilities, while working with internal/external pen testing teams
  • 5+ years of experience working with OWASP, SANS Standards or OSSTMM and experience with COTS security products
  • 3+ years of experience with Static and Dynamic Code Analysis tools like HP Fortify, HP WebInspect, IBM AppScan, Veracode, Coverity, etc.
  • 5+ years of working with and improving Secure Development Lifecycle practices in an Agile development environment
  • Sound knowledge of various FOSS and COTS components used to build tech stacks for product development
  • 5+ years of experience working with security frameworks like NIST, ISO, etc.
  • Experience securing public cloud environments, including AWS, Azure, etc.
  • Technical depth in LAMP stack, multiple COTS DBs like Oracle, iOS, Android, and web services

Behaviors & Abilities Required:

  • Influences groups and stakeholders to obtain buy-in and participation without direct control
  • Technical thinking and understanding of systems, infrastructure and SW apps/platforms
  • Communicates effectively; conveys clear understanding of specific needs of product/platform orgs
  • Ability to work with minimal supervision, while being self-driven and motivated
  • Collaborates well with cross functional peers to enable convergence of direction/decisions
  • Builds strong and solid working relationships across engineering and other related functional organizations, including product management, business owners et al.
  • Builds consensus to enable driving to a successful customer-centric solution which is functional, secure and usable
  • Brings capability to visualize and effectively socialize a coherent mid to long term security vision to enable getting ahead of issues
  • Key words: Software Security, Security Architecture, OWASP, Secure Coding, Product Security