Lead Application Security Architect
In this mission-critical role as Lead Application Security Architect, you will serve as the AppSec Technical Lead for global, enterprise-wide applications and services. Work in a fast-paced environment, helping teams adopt a DevSecOps model in a world of containers, automated pipelines, and rapid deployments. Be instrumental in leading the effort to secure applications and services in a cloud environment.
Security Architect Key Responsibilities
- Collaborate with engineers, consultants and leadership to address security risks and provide mitigation recommendations within the Secure Development Lifecycle (SDLC).
- Align the SDLC to industry standards, including Microsoft SDL, OWASP development guides and PII-related topics such as GDPR and CCPA.
- Perform proof-of-concept and proof-of-technology testing for integrating new third-party security products into the development and deployment processes.
- Perform threat modeling, design reviews and code reviews as part of the development lifecycle.
- Perform security architecture and design reviews of systems and applications.
- Validate security controls and perform hands-on security testing of products and services.
- Understand, balance and communicate business risk with security risk.
- Apply security without adversely affecting the desired functionality.
Security Architect Required Skills and Experience
- Bachelor’s degree in Computer Science, Information Security/Cyber Security or equivalent.
- 5+ years of experience in information security, security architecture, and design reviews.
- 5+ years working within software development.
- 3+ years of experience implementing PCI-compliant solutions.
- Excellent written and oral communication skills, as well as interpersonal skills including the ability to articulate to both technical and non-technical audiences.
- Firm understanding of enterprise-class application architectures that are highly scalable and reliable, and the ability to secure them.
- Experience with containers and Kubernetes, as well as GCP, Azure, and AWS technologies.
- Experience with multiple languages such as Java, .NET, and Node.js; ability to detect and remedy related security issues such as the OWASP Top 10.
Security Architect Preferred Skills and Experience
- Security tooling: Coverity, AppSpider, Seeker, AquaSec.
- Securing host, database and application solutions for multi-tier systems.
- Penetration Testing.
- Implementing PCI- and FFIEC-compliant solutions and ensuring audit compliance.
- Automated attack tools and developing mitigation techniques.
- Hacker mindset, striving to think like an attacker.
- Technical certifications within information security (CISSP, CCSP, GIAC or equivalents).
- Active participation in cybersecurity forums/conventions (e.g. DEFCON, BlackHat); public speaking is a plus.
Relocation assistance is available; we regret that sponsorship is not.
For more information on the Lead Application Security Architect position, please contact Justin: Justin@compass-sys.com or 603-778-9090