Lead Application Security Architect

Lead Application Security Architect Job Description Template

Our company is looking for a Lead Application Security Architect to join our team.

Responsibilities:

  • Perform threat modeling, design reviews and code reviews as part of the development lifecycle;
  • Align the SDLC to industry standards, including Microsoft SDL, OWASP development guides, and PII-related topics such as GDPR and CCPA;
  • Consult product teams on how to architect and implement PCI & FFIEC compliant solutions and ensure audit compliance;
  • Ability to understand business requirements and apply security without adversely affecting the desired functionality;
  • Understand, balance and communicate business risk with security risk;
  • Perform validation of security controls to ensure adherence with compliance and industry best practices;
  • Perform hands-on security testing of products and services to proactively discover risks and track them to resolution;
  • Perform security architecture and design reviews of systems and applications developed in NCR;
  • Perform POC and POT testing for integrating new 3rd party security products into the development and deployment processes;
  • Perform security architecture and design reviews of systems and applications developed in Client;
  • Align the Secure Development Lifecycle to industry standards.

Requirements:

  • Experience with Penetration Testing;
  • Active participation in cybersecurity forums/conventions (e.g. DEFCON, BlackHat), with public speaking a plus;
  • Technical certifications within information security are a plus (CISSP, CCSP, GIAC or equivalents);
  • Experience with Security tooling: Coverity, AppSpider, Seeker, AquaSec;
  • Experience with securing host, database, and application solutions for multi-tier systems;
  • 3+ years’ experience implementing PCI compliant solutions;
  • Firm understanding of enterprise class application architectures that are highly scalable and reliable and the ability to secure them;
  • 5+ years’ previous experience in information security;
  • 5+ years’ experience working within software development;
  • Experience with GCP, Azure, and AWS technologies;
  • Bachelor’s degree in Computer Science, Information Security/Cyber Security or equivalent;
  • Hacker mindset, always striving to think like an attacker;
  • Excellent analytical, evaluative, and problem-solving abilities;
  • Knowledge of automated attack tools and developing mitigation techniques;
  • Experience with containers and Kubernetes.