Application Security Architect
Location: Dallas TX, Tampa FL, or Washington DC (DMV Area) (Hybrid 2-3 days on-site)
Compensation: $140,000 - $160,000 + 20% bonus
As an Application Security Architect in Cybersecurity Architecture, you will drive a comprehensive review of the existing application configuration (on-premises and cloud), influence change in controls standards, creation of IT security standards easily consumed by stakeholders, creation of application security patterns & diagrams, and ownership of the application security capability 3-year roadmap.
The Security Architecture role specializes in providing expert technical advice to support the design and development of information security systems and secure networks in compliance with security requirements. Conducts technical assessments of security architecture, evaluates existing and proposed technical architectures for security risks, and provides recommendations to mitigate those risks. Responsible for security protocol related to desktop applications, web applications, and cloud computing.
Core Focus:
- Produce security architecture deliverables as part of initiatives related to application security
- Partner with application development teams to improve application security services as part of CI/CD pipeline
- Proactively identify security gaps, propose solutions, and follow through with engineering teams for implementation
- Innovate and deliver creative solutions to complex issues
RESPONSIBILITIES:
- Create and drive the application security capability 3-year roadmap with within Cybersecurity Services & respective IT stakeholders
- Influence change of control policies with Technology Risk Management & build strong partnerships with IT Architecture & DevSecOps partners
- Create IT security standards easily consumed by IT stakeholders
- Proactively identify application security gaps through discovery & partner with app dev teams for swift remediation
- Build application security patterns and designs as part of initiatives to modernize the network security posture
- Evaluate the existing application security controls, on-premises, and cloud, identify improvements, and build plans into the application security capability roadmap for implementation
- Mentor junior security engineers to enhance their security skills
- Create white papers and present in industry conferences to present thought leadership in the security field
- Aligns risk and control processes into day-to-day responsibilities to monitor and mitigate risk; escalates appropriately
REQUIREMENTS:
- 5+ years of related experience
- Bachelor's degree in Computer Science, Cyber Security or related disciplines preferred
- Strong Cybersecurity experience across network, application (web, API) & public/private cloud security architecture (web application firewalls, containers, etc.)
- Experience in ethical hacking or vulnerability assessment on web apps, mobile, and thick-client (fuzzers, scanners, debuggers, decompilers)
- Experience in performing code review of popular web application programming languages (Java, JavaScript, C++, Python, Perl, etc.)
- Familiarity with common web stack technologies (HTTP, REST, etc..) and platforms (e.g., AngularJS, Tomcat, .Net, MS SQL, etc.)
- Understanding of core cryptography concepts
- Experience with Information Security frameworks (e.g., ISO 27001 and NIST) & security architecture frameworks
- Experience architecting automated data center processes, including provisioning, application, and patch management, monitoring and alerting, capacity monitoring and planning, leveraging execution and human approval workflow design and implementation
- Experience in OS security (Windows, Linux) and RDMS is preferred