Application Security Architect

Software Guidance & Assistance, Inc., (SGA), is searching for an

• Work closely with others in IT to develop a secure SDLC with gating functions for application source code and IaC.
• Define metrics and reporting on application security policies and processes and track adherence.
• Proactively research and identify application security vulnerabilities and provide recommended counter measures.
• Work with application development teams to design applications that are inherently secure.
• Automate AppSecOps automated security testing processes including SAST, DAST and IAST as appropriate.
• Perform code deep dives to uncover security vulnerabilities or design flaws.
• Provide subject matter expertise in application code and IaC security best practices.
• Support and consult with development teams in application security, including threat modeling and code reviews.
• Advocate and champion ShiftLeft security initiatives and processes.
• Contribute in raising the security awareness of team members through instructions and hands-on training.
• Have general awareness on industry data privacy standards across cloud providers and vendor product liabilities.
• Work as an active participant in an Agile development environment; attend daily standups, sprint planning and retrospectives.

• Bachelor's degree in Computer Science or related field (or equivalent experience)
• 4 or more years of IT DevSecOps/AppSecOps experience.
• Proficiency in one or more programming languages (Python, Java, C etc.)
• Understanding of CWE 25 and OWASP Top 10; with experience in implementing remediation strategies.
• Experience in application security and threat modeling.
• Familiar with application security control frameworks and its current usage in applications (e.g., Authentication, Cryptography and Data Protection, Authorization, Web Access Firewall etc.).
• Excellent understanding of application security testing automation including SAST, DAST and IAST.
• Knowledge of web application technologies and layer 7 protocols like HTTP, FTP, DHCP etc.
• Knowledge of exploit development and vulnerability research and reporting.
• Knowledge of mobile app code security testing.
• Experience in AWS technologies are a strong plus.
• Exposure to Python, NGNIX, Gunicorn and ReactJS is a plus.
• Experience working with code management tools such as Github.
• Must have the ability to work in a dynamic, fast-paced environment.
• Strong communication skills with ability to interact with stakeholders at various levels.
• Strong problem solving and analytical skills