Application Security Architect
Posted: 3 weeks ago
Alpharetta, GA 30005
Participate in end-to-end Security Engineering activities of the project, program or engagement.
Architect and Design security controls and policies to be implemented organization/application wide.
Revise existing security policies and procedures and propose new ways to improve data protection.
Perform security auditing of design, configuration, application code, and necessary functionality to ensure verifiable security compliance throughout the System Development Life Cycle (SDLC).
Capable of evaluating & improving security posture throughout the SDLC.
Expertise in Secure DevOps implementation.
Review project work to assess compliance with policy, evaluate architecture usage, and identify needed improvements to the architecture and guidelines.
Conduct security requirements engineering and protection needs elicitation in order to document customer security concerns and issues.
Assist security test planning and implementation based on perceived security needs of the system and the security solution provided.
Knowledge of manual and tool-based static/dynamic audits and manual penetration testing for large enterprise applications.
Compile reports on security metrics, project status, and compliance.
Act as security liaison to the project and coordinate with internal security engineering, evidence management, and security risk/vulnerability analysis roles.
8 – 12 years of relevant experience in the application security domain.
Expertise in secure architecture, secure design, and code reviews.
Experience with Agile and DevSecOps implementation.
Knowledge of manual penetration testing and tool-based static/dynamic audits.
Web, mobile, API, and microservices design patterns and architectures.
Attack and defensive patterns within those design patterns and architectures.
Expertise in various secure code analysis tools such as Client Fortify SSC and SCA and Checkmarx; vulnerability scanners such as Client WebInspect; and web proxies such as Burp Suite and Fiddler.
OWASP Top Ten, CWE, SANS, etc.
AWS and cloud security.
Regulatory regimes such as PCI, GDPR, HIPAA, etc.
CISSP, OSCP, or CEH certification (desirable).