Vacancy expired!
Job Description
IT Application Security Architect
- The IT Application Security Architect (ITASA) is an experienced person who will work with IT to support business units across the enterprise using various technologies.
- As a senior member of the IT team, the ITASA's purpose is to help ensure the security, confidentiality, integrity, and availability of the client's ecosystem.
- You can succeed by working closely and over-communicating with the client's project teams across the agile train, business groups, and the IT security teams.
- It is the ITASA's responsibility to ensure effective remediation or controls around findings in web applications and data for the client's initiatives.
- The ITASA will need the ability to be efficient working alone across multiple application and network teams.
- All ITASAs will, under the guidance of a Lead Application Security person, be responsible for actively reviewing and following existing security policies, procedures, and standards as they relate to application security.
- As an ITASA, you will need to cultivate a culture of security awareness and continued education of personnel to ensure security policies are consistently adhered to.
- The application security team will work with the leading project individuals to identify, assess, remediate, or control risks related to application security.
- You will need to conduct individual security code reviews, pipeline automation, and scripting of security tools as is necessary for existing system architecture.
- You must have a solid understanding of security protocols, cryptography, authentication, authorization, and general application security requirements.
- As an ITASA you will work with Lead Application Security personnel to evaluate, recommend, design, and implement application security solutions increasing the client's application security posture and reducing application threat surfaces.
- You will need excellent written and verbal communication skills along with business acumen and an enterprise outlook to interact with a broad cross-section of personnel explaining and enforcing security measures.
- The ITASA may be expected to engage with third-party vendors for tools to evaluate, improve and automate daily processes for the security team.
- Each ITASA will perform tasks in support of the current IT Security Roadmap and may be responsible for the intake, development, assessment, and management of new or existing tools.
- IT Application Security Architect must have experience with auditing applications and system architectures.
- A minimum of 10+ years of Microsoft enterprise full-stack web development.
- Continuous learning on the job to keep up with a fast-paced ever-changing field.
- Experience in information and IT risk management with a focus on security, performance, and reliability.
- Knowledge of information systems and current industry security standards and practices.
- Familiarity with two or more: OWASP, SANS, NIST, ISO27001, and/or COBIT 5.
- General knowledge of security aspects across these areas:
  - Database security.
  - Mobile application security.
  - Enterprise user directory services.
  - System authentication and authorization.
  - Application encryption key management.
  - Web server configuration and hardening.
  - Azure SaaS/PaaS/IaaS security and design.
  - Auditing of information security subject areas.
  - Network segmentation, systems, models, and processes.
- Ability to read and understand code (.NET C#, JavaScript, Node.js, HTML, CSS, React).
- Minimum 3+ years of code review experience.
- Minimum 5+ years C# development.
- Minimum 2+ years of Node.js experience.
- Minimum 2+ years of scripting language experience (PowerShell, Python).
- Minimum 1+ years of React experience.
- Minimum 2+ years experience with Azure, including Infrastructure as Code.
- Bachelor's degree
- Demonstrated knowledge of web application penetration testing is preferred.
- Certification (SABSA, CISSP, etc.) in topics that address security directly is preferred.
- Familiarity with: OWASP, Checkmarx, Burp, ZAP, IBM AppScan.
- Security: principles, data access, encryption, HTTP modules/handlers.
- Database: Structure, DDL, SQL, data organization, and optimization, Entity Framework.
- Programming: JSON/XML patterns, development techniques to facilitate testing, advanced constructs.
- Web Services: SOAP/REST, Web API, Node.js (why, when, and how to use it).
- Web: HTTP(S) request/response messaging, ASP.NET/MVC/.NET Core.
- GUI: JavaScript, jQuery, CSS, HTML5, Bootstrap, React.
- Azure: subscriptions, resource groups, regions, app registrations, AKV, Managed Identities.