The Application Security Architect is responsible for a comprehensive review of the existing software application configuration (on-premise and cloud), influencing change in the controls standards, creation of easily consumed IT security standards, creation of application security patterns & diagrams, and ownership of the network security capability roadmap. This role is an essential ambassador for the shift in the technology culture to a Security-First culture.
- Produce security architecture work as part of initiatives related to software application security;
- Create and drive the application security capability 3-year roadmap within Cybersecurity Services & respective IT partners; Create IT security standards easily consumed by IT partners
- Partner with Application Development teams to improve the application security services as part of CI/CD pipeline; Build application security patterns and designs as part of initiatives to modernize the network security posture; Proactively identify application security gaps through discovery & partner with app dev teams for swift remediation
- Innovate and think outside of the box to solve complex issues
- Influence change of control policies with Technology Risk Management & build strong partnerships with IT Architecture & DevSecOps partners
- Evaluate the existing application security controls, on-premise and cloud, identify improvements, and build plans into the application security capability roadmap for implementation
- Minimum of 7 years of strong cybersecurity experience across network, application (web, API) & public/private cloud security architecture (web application firewalls, containers, etc.)
- Experience in ethical hacking or vulnerability assessment on web apps, mobile, and thick-client (fuzzers, scanners, debuggers, decompilers)
- Familiarity with common web stack technologies (HTTP, REST, etc.) and platforms (e.g. AngularJS, Tomcat, .Net, MS SQL, etc.)
- Understanding of core cryptography concepts
- Experience architecting automated data center processes, including provisioning, application and patch management, monitoring and alerting, capacity monitoring and planning, using execution and human approval workflow design and implementation.
- Bachelor’s degree preferred or equivalent experience