Job Details

ID #21751283
State Illinois
City Chicago
Job type Permanent
Salary USD TBD TBD
Source Gables Search Group
Showed 2021-10-27
Date 2021-10-26
Deadline 2021-12-24
Category Security

Application Security Architect

Illinois, Chicago, 60601 Chicago USA

Vacancy expired!

Job Title: Application Security Architect

Overview: Preferred location Chicago, IL but will consider candidates based in Georgia, North Carolina, Texas, Virginia, Maryland, Ohio or Louisiana. Must have the ability to travel to the Chicago, IL office as required.

What will your day look like? The Application Security Architect is a position of technical expertise, influence, and leadership within the Information Security team. The Application Security Architect is a deeply technical Security Expert helping to guide and its development organizations to develop sound security development practices. The incumbent will lead efforts to establish and improve secure SDLC activities and identify tools to integrate into the Agile development process to aid in evaluating the security of the applications. When appropriate, the incumbent will perform manual security testing of application components, such as APIs, to ensure they are hardened against exploitation. When security flaws/vulnerabilities are identified, the Application Security Architect will follow the established processes to document, track, and work with development teams to ensure remediation. Responsibilities include leading efforts to create an appropriate application security testing plan based on features and changes scoped-in for new updates (releases) for the applications. General direction is received from the Sr. Manager, Application Security.

Responsibilities:

Do you see yourself doing this?
  • Help lead the Secure DevOps application security program by building, executing, and documenting a Secure Software Development Lifecycle
  • Utilization and maintenance of SAST/DAST tools including upgrades, reconfigurations, knowledge of vulnerabilities and experience integrating with build servers, bug tracking and ticketing solutions
  • Application security insight and implementation of best practices regarding security in software development, IoT platform, mobile application, user interface design frameworks, high performance messaging solutions and cloud-based solutions
  • Demonstrate subject matter expertise (SME) in securing both web and mobile applications against common issues (including OWASP Top 10), to include:
    • Knowledge of Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) and remediation recommendations
    • Familiarity with vulnerabilities and attack methods, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), SQL Injection (SQLi), etc., and how to identify, trace and remediate these vulnerabilities
  • Determines security requirements based on business needs, knowing information security standards, conducting system security and vulnerability analyses and risk assessments, studying architecture/platform, identifying integration issues, and preparing cost estimates
  • Work with corporate security governance team to comply with internal SLA and policies
  • Research security technologies and maintain knowledge of current and emerging technologies / products / trends related to security architectural solutions.

Qualifications:

What makes you a great fit? You'll be a great fit if, in addition to the required Bachelor's degree from an accredited college or an equivalent combination of education and experience, you have:
  • 5-7+ years in application security (prefer 1-2+ prior years in development)
  • Advanced written and oral communication skills with the ability to give a program overview to senior level leadership and clients.
  • Able to build and manage a professional development and training program for Application Security Engineers and Architects
  • Technical knowledge and experience performing code reviews / reviewing results of static analysis tools (preferred)
  • Foundational knowledge of NIST 800-53 and the NIST Cyber Security Framework (CSF)
  • Experience building out and operating a Secure DevOps program
  • Experience working with common commercially available and Open Source Dynamic and Static Application Security Testing solutions
  • Extensive enterprise development experience in Java and/or .NET languages (preferred)
  • Proven understanding of enterprise architectures and best practices for high-volume, high-availability web / mobile apps
  • Certified in at least one of the following: GCIH, GPEN, OSCP, GREM, CISSP, CISA, CISM or other incident response certifications.
  • Ability to travel (less than 20%)

When you're happy, we're happy! As a thank you for joining our team, you'll benefit from:

  • Competitive medical, dental, and free vision benefits
  • Competitive compensation plan
  • Contributions towards gym memberships
  • Generous PTO and banking holidays off
