The Enterprise Security Architect - Application Security is part of the security team that ensures all Enterprise technology solutions are designed, implemented, and maintained in accordance with security best practices and organizational requirements. The Architecture team advocates, designs, and helps drive implementation of processes and technology relating to risk and access control across the Enterprise organization, and collaborates with the Information Risk group and Audit Group to identify and prioritize risk issues, technology audits, and compliance issues. The Security Architecture team owns security assessments, Security Policies and Standards, and the Security Risk Management Program. In addition, the Security Architecture team consults across the organization regarding security concerns.
Essential Duties and Key Responsibilities
Participate in defining and maintaining the security strategy for Application Security
Participate in providing information risk management consulting to the enterprise. Conduct risk assessments of new and existing technologies, primarily related to application security.
Participate in providing strategic technical architectures (current state, reference, transition) for the enterprise, which are used to guide subsequent solution, infrastructure, and application architectures
Recognize, identify, and address potential areas where existing security policies and procedures require change, or where new ones need to be developed, especially regarding future business expansion.
Work in partnership with application development resources to embed security into applications. Participate in establishing an inter-departmental DevSecOps culture to enable continuous security enhancements and new feature releases into the product design
Participate in the development of application security threat models, and apply them to identify and respond to threats. Work with the owners and teams to identify and arrange for deployment of appropriate compensating controls to address vulnerabilities, security gaps, and risks.
Participate in application and software development design reviews, code assessments, and development lifecycle planning
Evaluate and recommend product concepts & IT project requests to ensure adherence to security standards, particularly related to application security functions. This includes internal, third party, and cloud-based solutions.
Perform or contribute to security testing of systems.
Experience and Educational Requirements
College degree in related technical / business areas preferred
3+ years relevant work experience preferred
Experience with or exposure to building security into the SDLC, DevSecOps, and secure coding
Prior development experience is a plus
Experience with Automated and Manual Secure Code Assessments
Experience with Mobile application security
Experience with several of the following: Java, PHP, Python, C/C++/C#, Company website, .NET, Perl, common database technologies
Experience with dynamic application security testing
Penetration Testing experience is a plus
Professional Certification such as CISSP, CISM, SCF, GPEN, CEH, CPT, CCSK is a plus
Knowledge of application security technologies: Code scanners (Static and dynamic), application firewalls, vulnerability scanners
Knowledge of Identity and access technologies: AD/LDAP, Identity Management (IdM), industry standard authentication solutions (SAML, OAuth, OpenID, identity provider & service provider oriented platforms)
Knowledge of Industry Standards: ISO 17799/27001, CIS Critical Security Controls, NIST Publications, and other Industry Related Security Standards
Knowledge of Industry Regulations: Payment Card Industry (PCI), CPNI, SOX
Knowledge of Frameworks: ITIL, COBIT, NIST CSF
Knowledge of Cloud