Company: 7 Eagle Group

Address: New York, NY
Form of work: Full-Time
Category: Information Technology

Job Description

Application Security Architect - Seeking Military Veterans
Our New York City based company is committed to providing global securities markets with objective, timely, independent, and forward-looking credit opinions. Their Technology Risk team is growing rapidly and has an immediate opening for a talented Application Security Architect to join its ranks. This role will require the development, implementation, and administration of a comprehensive enterprise Application Security program which will ensure the confidentiality, integrity, and availability of information owned, controlled and/or processed by the company.
Candidates with at least 5 years of experience in an Application Development or Information Security function are preferred along with a firm understanding of security concepts relating to all technical areas involved in developing, building, deploying, and running modern applications in both on-premises and cloud environments.

We would love to hire a talented military Veteran for this position because they've been trained by the best and have the skills, leadership, and "can-do" attitude that make them a successful Application Security Architect.
If you're looking to join an industry-leading company that is eager to support your career progression and are comfortable with a light (if any) travel schedule, we encourage you to apply today!
You just need to live within an hour of New York City or close to a local airport if working remotely.
We love to promote from within!
WHAT YOU'LL DO
  • You will be responsible for managing an Application Security program that includes architectural design reviews, code scanning, web application scanning, and penetration testing, as well as developing applicable training programs and Application Security standards. Your solid understanding of application architectures will help identify security gaps, develop controls, and design solutions that meet business objectives while complying with security standards and regulatory requirements.
  • As an experienced Application Security Architect, you will provide guidance to the Technology Risk team, the Application Development teams, the DevOps team, the Cloud Engineering team, as well as to other internal engineers and developers. Using developed communication skills, you will provide thought-leadership and consulting-like services in subject matter expertise disciplines such as Application Security Architecture, secure application development, developer training, Application Security testing tools, penetration assessments, bug bounties, metrics and measurement, and standards, guidelines, processes, and procedures.

JOB RESPONSIBILITIES
  • Understand the fundamental business activities and its portfolio of business operations.
  • Maintain current knowledge of threats, regulations, and compliance related to information security.
  • Based on this knowledge, develop, maintain, and oversee an enterprise-wide Application Security program that is aligned with the company business strategy.
  • Provide subject matter expertise to management on a range of Application Security best practices.
  • Thoroughly understand secure application design principles, including the areas of authentication, authorization/least privilege, logging, encryption, data masking, data retention, and secure data transmission.
  • Understand how these principles can be used to implement a zero-trust architecture.
  • Collaborate with project teams and other system architects/engineers to develop designs for security mechanisms in applications, as well as designs for the applications' supporting infrastructure.
  • Provide strategic and tactical security guidance for secure application development, including the evaluation and recommendation of technical controls.
  • Assist in the development and management of security policies, standards, procedures, and guidelines.
  • Conduct Application Security Architecture reviews and perform Application Security assessments.
  • Direct the selection, configuration, integration, and management of Application Security testing tools, specifically SAST tools for code scanning, DAST tools for runtime testing, and SCA tools to test for and block vulnerable third-party libraries.
  • Partner with application development, DevOps, and Cloud Engineering teams to incorporate security throughout existing SDLCs and development and build practices.
  • Work with the training department to manage a secure application development training program.
  • Manage the penetration assessment program and track remediation of findings.
  • Assist and advise on development of comprehensive Application Security metrics to report on areas such as application risk and security flaw remediation progress.
  • Remain current with industry trends and security threats to advise management on how to mitigate and contain risks to the business.

REQUIREMENTS
  • At least 5 years of experience in an Application Development or Information Security function
  • Experience in developing applications in Java, C#, JavaScript, Python, or other modern OOP languages
  • Experience managing automated Application Security testing tools, including Static and Dynamic Application Security Testing (SAST/DAST) and Software Composition Analysis (SCA)
  • Experience with application testing tools (e.g., Burp Suite, Fiddler, Zap, Wireshark, Metasploit)
  • Solid understanding of the most common Application Security risks (OWASP Top 10, SANS/CWE Top 25)
  • Solid understanding of application, database, and network vulnerability testing principles
  • Strong technical and business writing skills, plus the ability to effectively explain plans and solutions verbally to both technology and business units

RECOMMENDED SKILLS/EXPERIENCE/EDUCATION
  • Solid understanding of DevOps tools, including IDE (e.g., Eclipse, IntelliJ, Visual Studio), SCM (e.g., Bitbucket), CI/CD (e.g., Bamboo), Defect Tracking (e.g., Jira), Source Code Quality (e.g., SonarQube)
  • Solid understanding of cloud environments (AWS, Azure), their underlying architectures, and their native tools and capabilities, as well as the container management solutions (EKS, AKS) that sit in them
  • Understanding of current data privacy regulations, PCI requirements, NIST standards, and implementing processes and/or technology to ensure compliance and effective data protection controls
  • Experience performing architectural security assessments of applications and their environments
  • Experience conducting vulnerability assessments and assisting with development of remediation plans
  • Recommended general security certifications: CISSP (strongly preferred), CISA, or CISM
  • Recommended Application Security certifications (one or more): OSCP/OSEP/OSWE, CEH/LPT, CPT/CEPT, CASS, CASE, CMWAPT, CRTOP, GIAC GEVA/GPEN/GWAPT/GCPN/GXPN/GMOB/GDAT
  • Bachelor's/Master's degree in Computer Science or a related field, or equivalent work experience
  • Ability to support a 24/7 on-call function

COMPENSATION & BENEFITS
  • $200k - $230k (Depending on your experience)
  • ($#) per diem for meals (all travel expenses covered).
  • Outstanding Health Insurance
  • 401K with company match
  • Company-paid Life Insurance
  • Paid Vacations and holidays

WORK SCHEDULE
  • Work from your home as base of operations
  • Extensive travel to NYC when required.
  • Some weekend travel may be required.
NEXT STEPS
  • Apply Now!
  • We will personally review your application and respond.
  • However, if you need to follow up on your status, feel free to email Jay Sheehan (JS at 7Eagle dot com) after four business days.

We strongly encourage Veterans and military spouses to apply, though this position is open to everyone.
Refer code: 8717797. 7 Eagle Group - The previous day - 2024-03-24 21:05
