Lead Application Security Architect
Locations: Jersey City or Whitehouse station or Philadelphia
Duration: 3-6 months contract to hire
Job description:
We are looking for an Application Security specialist with 10+ years of extensive experience & knowledge in developing security solutions & providing governance for both cloud and on-premise applications.
The individual will possess a strong understanding of application technology stack, development methodologies and secure development controls. He will also possess a keen eye for detail and be able to identify security issues in application architecture.
Essential Functions
• Work with Enterprise Architecture teams to conduct application design reviews. Identify threats and potential security issues and help the teams with practical secure control recommendations
• Develop security metrics & measurement capability to demonstrate application security and SDLC security activities
• Act as a trusted security consultant across the global enterprise
• Provide technical security leadership to app dev architects and software developers for secure software development using both agile and traditional waterfall methodologies
• Stay current with attacks, industry trends and threat mitigation measures in the application security space
• Communicate timely and accurately - project related security risks and countermeasures to information to relevant parties
• Seeks for innovation and creativity in security solutions
Required Skills/Experience
• Expert level knowledge in SAST, DAST, IAST, RASP, WAF and related technologies
• In depth knowledge of OWAP Top 10, SANS CWE top 25 and other application level risks and attacks
• In depth knowledge of Secure Design Review and Threat Modeling methodologies
• Experience in HTML, Java, JavaScript, and .Net, and scripting languages like Python, C Shell, Perl etc.
• Experience with Web Services security (REST, SOAP, XML, etc.)
• Experience with scripting languages such as Python, C Shell, Perl etc.
• Experience with API gateways and authentication protocols such as OAuth, OpenID Connect and SAML
• Familiarity with Cloud security controls for SaaS, IaaS, and PaaS
• Familiarity with static code analysis tools like IBM Appscan, Client Fortify, & Veracode.
• Familiarity with container technologies such as Docker, Kubernetes.
• Familiarity with DevOps processes & principles.
• Strong written and oral communication skills.
•
Last updated on Nov 16, 2021