Application Security Architect

Application Security Architect Job Description Template

Our company is looking for a Application Security Architect to join our team.

Responsibilities:

  • Strong understanding of common vulnerabilities in web and enterprise applications;
  • Advocate and enforce cybersecurity best practices and share insights throughout the organization;
  • Requires one of the following certifications: CISSP, CISM, CISA, TOGAF, GAIC, CIPT or equivalent;
  • Manage relationships and interactions with human resources, legal, customers, and internal audit departments;
  • Experience in using architecture methodologies such as SABSA, Zachman and TOGAF;
  • Articulate application security solutions to business partners in a comprehensible manner;
  • Engage with security architects to capture design requirements for application architectures and implementation strategies;
  • Collaborate with engineers to create and implement standardized practices and follow routine processes to promote secure systems;
  • Perform security architecture and design reviews of systems and applications developed;
  • Participate in tactical projects as they arise to clarify and respond to identified security risks across different technical domains;
  • Participate in on-call rotation for security operations responsibilities, including security incident response;
  • Ability to understand business requirements and apply security without adversely affecting the desired functionality;
  • Work with various teams to design a security strategy to enhance the security of the current software development lifecycle;
  • Other duties as assigned;
  • Execute tasks aligned to application security with autonomy.

Requirements:

  • Excellent analytical, evaluative, and problem-solving abilities;
  • Experience in and commitment to agile software delivery principles and practices;
  • Understand different application types and the unique security threats each presents;
  • Expertise in mitigating and addressing technology or application threat vectors;
  • Familiarity with static code analysis tools and services;
  • Bachelor’s Degree in Computer Science or related field – equivalent work experience will be considered;
  • Able to travel to any domestic and international location;
  • BS or MS Degree in Computer Science or related field;
  • Experience with privacy requirements of a global corporation (e.g. GDPR, CCPA);
  • Excellent knowledge of Relational Databases, SQL and ORM technologies (JPA2, Hibernate);
  • Experience with various cloud providers (GCP/Azure/AWS);
  • Hands on experience in designing and developing applications using Java EE platforms;
  • Experience in Spring framework;
  • Profound insight of Java and JEE internals (Classloading, Memory Management, Transaction management etc);
  • Experience with Cloud and virtualized technology in environments such as AWS and Azure.