Security Architect - Cloud

Greetings,

• Formalize and evangelize security architecture framework;
• Develop in-depth security architecture, design and coding standards across cloud, application and data security;
• Drive a standardized set of security requirements that align with internal/industry standard/regulatory requirements;
• Define technical and functional security requirements covering areas of application and software design;
• Identification of application and API workflows to ensure enforcement of security architecture;
• Working with development teams to ensuring the incorporation of security testing into the development lifecycle;
• As needed, develop manual and automated penetration and/or vulnerability testing of web application, APIs, systems, and networks;
• Assess risk for all proposed application and application infrastructure related changes;
• Communication of any discovered vulnerabilities or outstanding residual risk concerns to peer group and leadership;
• Design security processes into the full application lifecycle; and
• Provide application and cloud security related coaching and mentoring to associates in Development and IT.
• Serve as the technical point of contact for secure development as it relates to automation, CI/CD and code being developed and deployed into the cloud

• Bachelor’s Degree in Computer Science, Information Systems, or other related field. Or equivalent work experience;
• Knowledge in understanding various domains such as security architecture, system and network security, authentication and authorization protocols, cryptography, and application security.
• Understanding of security by design principles, DevSecOps, architecture level concepts, security frameworks (NIST and PCI), OWASP, etc.
• Experience with various application security tools including SAST/DAST, penetration testing, etc.
• Experience securing cloud infrastructure and cloud applications in Azure.
• Knowledge of current and emerging security technologies, threats and techniques for exploiting security vulnerabilities in the code or application.
• Experience in analyzing threats of cloud and application components.
• Experience in implementing and integrating security tools into CI/CD.
• Experience with data security and governance.
• Experience in development and scripting languages (C#/.Net, Javascript, etc.).
• Experience with securing APIs.
• Experience with Web Application Firewalls.
• Experience in OWASP Top 10, CVE/CVSS research and/or bug bounty recognition.
• Ability to clearly communicate gaps and risks to leadership through verbal dialogue or written communication.
• Relevant security certifications such as OSWE, GWAPT, OSCP, GPEN, CNDA, CRTSA, GDSA, and CISSP-ISSAP.