Application Architect Security
Summary
- The client is looking for an Application Architect with deep experience in application security review and design. The Application Architect should be a subject matter expert in defining app security requirements, performing application security assessments, and providing developer teams with guidance on security best practices.
Job Responsibilities
- Work independently with application developers, system/network administrators, product owners, and other colleagues to ensure secure design, development, and implementation of applications and networks.
- Perform security architecture design reviews of Client-developed applications.
- Perform code analysis of large applications, both manually and with static application security testing (SAST) and dynamic application security testing (DAST) scanning solutions, and conduct manual vulnerability analysis.
- Provide remediation guidance and recommendations to developers and administrators.
- Work with Application Development teams to help prioritize and validate the urgency of mitigating identified product vulnerabilities and of security feature enhancement requests.
- Create security best practices and standards, and ensure Application Development teams understand them and receive pertinent annual secure coding training.
Skills Needed
- 10+ years of demonstrated industry experience with application development, leadership and application security work
- Proficiency in reading, writing, and auditing Python, JavaScript, Angular, PL/SQL, and Oracle APEX low-code, and the ability to pick up new languages/technologies
- Authoritative knowledge of OWASP
- Strong familiarity with common vulnerabilities and attack vectors
- Knowledge of web service technologies, load balancer services (e.g., Cloudflare, F5) and RESTful APIs
- Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OAuth, SAML, LDAP, etc.)
- Solid understanding of secure network and system design in both cloud (AWS) and conventional environments
- The ability to communicate complicated technical issues and the risks they pose to developers, network engineers, system administrators, and management