Summary Sheet: I.T. & Communications
|Advertiser Name||Request Technology - Anthony Honquest||Advertiser Type:||Agency|
|Classification:||I.T. & Communications||Subclassification:|
|Country:||United States||Location:||United States|
|Language:||English - United Kingdom (en-GB)||Contact Name:||Anthony Honquest|
|Employment Type:||Permanent||Workhours:||Full Time|
Position: Enterprise Security Architect - Application Security
The Enterprise Security Architect - Application Security is part of the security team that ensures all Enterprise technology solutions are designed, implemented, and maintained in accordance with security best practices and organizational requirements. The Architecture team will advocate, design, and help drive implementation of processes and technology relating to risk and access control across the Enterprise organization, and collaborates with the Information Risk group and Audit Group to identify and prioritize risk issues, technology audits, and compliance issues. The Security Architecture team owns security assessments, Security Policies and Standards, and the Security Risk Management Program. In addition, the Security Architecture team consults across the organization regarding security concerns.
Essential Duties and Key Responsibilities
- Participate in defining and maintaining the security strategy for Application Security
- Participate in providing information risk management consulting to the enterprise. Conduct risk assessments of new and existing technologies, primarily related to application security.
- Participate in providing strategic technical architectures (current state, reference, transition) for the enterprise, which are used to guide subsequent solution, infrastructure, and application architectures
- Recognize, identify, and address potential areas where existing security policies and procedures require change, or where new ones need to be developed, especially regarding future business expansion.
- Work in partnership with application development resources to embed security into applications. Participate in establishing an inter-departmental DevSecOps culture to enable continuous security enhancements and new feature releases into the product design.
- Participate in development of application security threat models, and apply them to identify and respond to threats. Work with the owners and teams to identify and arrange for deployment of appropriate compensating controls to address vulnerabilities, security gaps, and risks.
- Participate in application and software development design reviews, code assessments, and development life cycle planning
- Evaluate and recommend product concepts & IT project requests to ensure adherence to security standards, particularly related to application security functions. This includes internal, third party, and cloud-based solutions.
- Perform or contribute to security testing of systems.
Experience and Educational Requirements
- College degree in related technical/business areas preferred
- 3+ years relevant work experience preferred
- Experience with or exposure to building security into the SDLC, DevSecOps, and secure coding
- Prior development experience is a plus
- Experience with Automated and Manual Secure Code Assessments
- Experience with Mobile application security
- Experience with several of the following: Java, PHP, Python, C/C++/C#, Node.js, .NET, Perl, common database technologies
- Experience with dynamic application security testing
- Penetration Testing experience is a plus
- Professional Certification such as CISSP, CISM, SCF, GPEN, CEH, CPT, CCSK is a plus
- Knowledge of application security technologies: code scanners (static and dynamic), application firewalls, vulnerability scanners
- Knowledge of Identity and access technologies: AD/LDAP, Identity Management (IdM), industry standard authentication solutions (SAML, OAuth, OpenID, identity provider & service provider oriented platforms)
- Knowledge of Industry Standards: ISO 17799/27001, CIS Critical Security Controls, NIST Publications, and other Industry Related Security Standards
- Knowledge of Industry Regulations: Payment Card Industry (PCI), CPNI, SOX
- Knowledge of Frameworks: ITIL, COBIT, NIST CSF
- Knowledge of Cloud