
The Role

Application Security Architect

BSIMM, STRIDE, MITRE, CIS, and others.

  • Build strong relationships and effectively influence product engineering
  • Translate security risks to business impact
  • Architect, prioritize, coordinate, and communicate the choice of security technologies necessary to ensure a highly secure yet usable computing environment
  • Provide security architecture and advice in support of application development, infrastructure, and enterprise technology projects
  • Perform code analysis, application security reviews, and develop an application security training program
  • Stay current with security technologies and make recommendations for use based on business value
  • Maintain expert knowledge in the field of Information Security and the related issues, systems, processes, products, and services
  • Provide training and mentoring to clients and consulting resources

Requirements

  • Understanding of the OWASP Top 10 application security risks and how to address them
  • Working knowledge of the Microsoft Security Development Lifecycle (SDL), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM)
  • Working knowledge of Amazon AWS, Microsoft Azure, or other cloud computing platform offerings and security-related services
  • Integration of security tools through APIs, webhooks, or other custom integrations
  • Hands-on experience with encryption, hashing, secure random number generation, key derivation, key management, digital signatures, etc. in one or more major development languages
  • Core understanding of web application security scanning software and related penetration testing tools such as SAST/DAST/IAST/SCA
  • Deep understanding of service-oriented architecture, building internet-scale, distributed, and critical services
  • Extensive knowledge of Java and the Java Ecosystem
  • Proficiency in Python, JavaScript, and other scripting languages
  • Experience with architecture and security reviews, threat modeling applications, and identifying areas of risk
  • Experience implementing strategies to support secure and compliant architectures
  • Knowledge of network architectures, topologies, and concepts (Firewalls, LB, WAF, CDN, VPC, ACL, TLS, SSH, and DNS)
  • Excellent written and verbal communication
  • Ability to scale by evangelizing your work to leadership and engineers including writing requirements and solid technical guides
  • Familiarity with compliance regulations such as PCI, GDPR, SOC 2, and SOX
  • An affinity and experience with an automation and development-based approach to security
  • Ability to collaborate with multi-functional teams located in different time zones to drive fixes and alignment to established policies
  • BS in Computer Science or equivalent with 10+ years of experience

Nice to Have

  • MS in Cyber Security, Information Security, MIS, or equivalent
  • Knowledge of the MITRE ATT&CK Framework
  • Industry security certifications such as CISSP, CEH, or others
  • Experience in conducting social engineering-focused assessments
  • Experience in CTF competitions, CVE research, and/or Bug Bounty recognition
  • Experience in Web and Mobile (Android/iOS) based application/service assessment
  • Experience in Wireless and Network assessment in enterprise infrastructure
  • Experience in reverse engineering and associated tooling such as IDA
  • Knowledge of fuzzing, memory corruption, and exploit development
  • Knowledge about hardware hacking