Vacancy expired!
IT Architect
100% Remote!

IT Application Security Architect

Industry Knowledge and Experience:

The IT Application Security Architect (ITASA) is an experienced person who will work with IT to support business units across the enterprise using various technologies. As a senior member of the IT team, the ITASA's purpose is to help ensure the security, confidentiality, integrity, and availability of our client ecosystem. You can succeed by working closely and overcommunicating with our client project teams across the agile train, business groups, and the IT security teams. It is the ITASA's responsibility to ensure effective remediation or controls around findings in web applications and data for our client initiatives. The ITASA will need the ability to be efficient working alone across multiple application and network teams.

All ITASAs will, under the guidance of a Lead Application Security person, be responsible for actively reviewing and following existing security policies, procedures, and standards as they relate to application security. As an ITASA, you will need to cultivate a culture of security awareness and continued education of personnel to ensure security policies are consistently adhered to. The application security team will work with the leading project individuals to identify, assess, remediate, or control risks related to application security. You will need to conduct individual security code reviews, pipeline automation, and scripting of security tools as is necessary in existing system architecture. You must have a solid understanding of security protocols, cryptography, authentication, authorization, and general application security requirements.

As an ITASA, you will work with Lead Application Security personnel to evaluate, recommend, design, and implement application security solutions, increasing our client's application security posture and reducing application threat surfaces. You will need excellent written and verbal communication skills along with business acumen and an enterprise outlook to interact with a broad cross-section of personnel, explaining and enforcing security measures. The ITASA may be expected to engage with third-party vendors for tools to evaluate, improve, and automate daily processes for the security team. Each ITASA will perform tasks in support of the current IT Security Roadmap and may be responsible for the intake, development, assessment, and management of new or existing tools.

Technical Knowledge/Skill/Education/Licenses/Certifications:

REQUIRED:
- Experience with auditing application and system architectures
- A minimum of 10+ years of Microsoft enterprise full stack web development
- Continuous learning on the job to keep up with a fast-paced, ever-changing field
- Experience in information and IT risk management with a focus on security, performance, and reliability
- Knowledge of information systems and current industry security standards and practices
- Familiarity with two or more: OWASP, SANS, NIST, ISO27001, and/or COBIT 5
- Database security
- Mobile application security
- Enterprise user directory services
- System authentication and authorization
- Application encryption key management
- Web server configuration and hardening
- Azure SaaS/PaaS/IaaS security and design
- Auditing of information security subject areas
- Networking segmentation, systems, models, and processes
- Minimum 3+ years of code review experience
- Minimum 5+ years of C# development
- Minimum 2+ years of NodeJS experience
- Minimum 2+ years of scripting language experience (PowerShell, Python)
- Minimum 1+ year of React experience
- Bachelor's degree
- Demonstrated knowledge of web application penetration testing is preferred
- Certification (SABSA, CISSP, etc.) in topics that address security directly is preferred
- Familiarity with: OWASP, Checkmarx, Burp, ZAP, IBM AppScan
- Security: principles, data access, encryption, HTTP modules / handlers
- Database: structure, DDL, SQL, data organization and optimization, Entity Framework
- Programming: JSON / XML patterns, development techniques to facilitate testing, advanced constructs
- Web Services: SOAP / REST, Web API, Node (why, when, how)
- Web: HTTP(S) request / response messaging, ASP.NET / MVC / .NET Core
- GUI: JavaScript, jQuery, CSS, HTML5, Bootstrap, React
- Azure: subscriptions, resource groups, regions, app registrations, AKV, Managed Identities