Primary Job Duties and Responsibilities (Essential Job Function)
The cyber security architect - application security, leads enterprise secure development lifecycle efforts. This role is responsible for developing, communicating, and advising on application security standards. Provides technical advice and direction to support the design and development of secure cloud applications. May participate in an incident management team, bringing advanced-level skills to respond to security events in line with incident response playbooks. Evaluates existing and proposed technical architectures for security risk, provides technical advice to support the design and development of secure architectures and recommends security controls to mitigate those risks. Evaluations of internal security architecture may include design assessment, risk assessment, and threat modeling.
Formalize and evangelize security architecture framework for applications.
Develop in-depth security architecture, design and coding standards across cloud, applications, and data security.
Serve as the technical point of contact for development as it relates to security automation, CI/CD and products being developed and deployed into the cloud.
Define technical and functional security requirements covering areas of application and software design.
Identification of application and API workflows to ensure enforcement of security architecture.
Perform security risk assessments for all proposed application-related changes.
Represent the office of the Chief Security Officer in evaluating technology initiatives and projects to determine advanced cybersecurity requirements and controls necessary to comply with company policies, standards, and industry best practices.
Engage with senior IT and business leaders and the CSO to address complex design considerations to appropriately manage risk on behalf of the company.
Align application solutions with industry security standards and frameworks and cloud security best practices.
Participate in full solutions lifecycle including engaging with key business stakeholders to understand requirements, performing business analysis and relaying feedback to development partners to improve future offerings.
Demonstrate flexibility and resilience in response to changing or ambiguous situations.
Evangelize security and application solutions and controls by creating and communicating presentations both internally and externally.
Stay current on industry trends and cloud provider capabilities.
Support escalations from Security Operations Center Analyst team requiring application-specific expertise.
Maintain strong understanding of networks and topography across the business to ensure adequate defense in depth design across the enterprise.
Performs any additional responsibilities as requested or assigned.
Qualifications - Internal
Bachelor’s degree in Computer Science, Information Technology or related field, or an equivalent combination of education and work experience. (Typically, four years of additional related, progressive work experience would be needed for candidates applying for this position who do not possess a Bachelor’s degree. A minimum of two years additional directly related technical experience is required.)
Prior Job Experience
Minimum of six years of experience in progressively responsible information technology roles.
5+ years of experience in developing, implementing, or architecting information systems
Knowledge, Skills and Abilities
Knowledge in understanding various domains such as security architecture, system and network security, authentication and authorization protocols, cryptography, and application security.
Experience in analyzing threats of cloud and application components.
Experience in implementing and integrating security tools into CI/CD process.
Understanding of security by design principles, architecture level concepts, security frameworks (NIST and PCI), OWASP, etc.
Experience with various application security tools including SAST/DAST, penetration testing, etc.
Experience securing cloud applications in AWS, Azure, and/or Oracle Cloud.
Knowledge of current and emerging security technologies, threats, and techniques for exploiting security vulnerabilities in the code or application.
Experience with data security and governance.
Experience with securing API’s to external entities.
Experience with Web Application Firewalls.
Knowledge of Agile and Scrum processes.
Excellent oral and written communication skills, including presentation skills.
Effective interpersonal skills and customer relationship skills.
Effective analytical, problem-solving, and decision-making skills.
Advanced knowledge of security principles is desired through achievement of advanced security certification including CISM or CISSP.
Tanzu, Pivotal, Kubernetes, and/or Docker experience preferred.
Knowledge of fuzzing, memory corruption and exploit development preferred.
Terraform or other infrastructure-as-code experience preferred.
Knowledge of information technology terms, equipment, systems, functions and major vendors.
Ability to obtain and maintain a government security clearance of a Secret classification or higher.
IP networking skills, adept at UNIX shell scripting, PERL, BASH, Powershell or Python abilities, and the ability to manipulate and massage data preferred.
Project management skills: ability to prioritize and handle multiple tasks and projects concurrently.
Work Environment and Physical Demands
General office environment. No physical demands required.