Application Security Architect

United States, New York City, NY
Job ID: 1846

Job Description

Our client, a global financial institution, is looking for an experienced Application Security Architect. They are looking for a passionate individual who thrives in a team that rapidly ideates, implements and iterates in order to produce the best possible result for their clients. They are building a new, cloud-native product from the ground up – join them on their journey and influence the architecture and implementation they use to develop a highly scalable, revenue-producing platform.

Role Responsibilities:

  • Partner with engineers to co-design / architect cloud products with applicable security controls
  • Work with the team to develop and implement platform level controls, templates and design patterns that by default enforce baseline security requirements
  • Perform software architecture design and manual code/configuration reviews
  • Serve as a technical security champion for the engineers and architects
  • Review security assessment reports from pentest and code review engagements, help the team with risk rationalization, and develop and implement mitigation strategies
  • Liaise with the firmwide TechRisk team to perform deep dive technical assessments and manage our risk portfolio

Technical Experience and Qualifications Required:

  • 5+ years’ experience in one or more technical roles performing Threat Modeling or Secure Design Reviews
  • Knowledge of most common Application Security vulnerabilities – e.g., OWASP Top 10 and cloud security gaps
  • Familiarity with security standards such as OWASP Testing Guide, OWASP ASVS, NIST and SANS Top 20
  • Common security controls and how they apply to different designs and systems, including but not limited to secure authentication, access controls, encryption (at rest / in transit), IDS/IPS, DLP, malware, etc.
  • Experience in application vulnerability assessment and penetration testing of web, thick-client, or mobile applications
  • Working knowledge of application security tools such as fuzzers, scanners, debuggers, decompilers, proxies, simulators, etc.
  • Familiarity with modern and common web stack technologies (e.g. HTTP, HTML5, AJAX, REST, etc.) and platforms (e.g. Dropwizard, Spring Boot, React, Tomcat, .NET, MS SQL, MongoDB, etc.)
  • Familiarity with AWS cloud services, recommended security best practices and secure deployment patterns
  • Understanding of core cryptography concepts (Encryption, Hashing, HMAC, digital signatures) and how they are applied and attacked in web applications (e.g. TLS attacks, CBC attacks)
  • Ability to analyze protocols (OAuth, SAML, OIDC), flows and interactions in a system design to evaluate gaps
  • Ability to identify threats, abuse cases, and gaps in the design before it is implemented.
  • Good written and oral communication to be able to articulate risks to both technical stakeholders and management

Nice to have qualifications:

  • Experience in crafting custom proof of concept application exploits using testing tools/frameworks or scripting exploits in Python, Perl, JavaScript, Shell scripting, etc.
  • Knowledge of network, application and operating system security risks
  • M.S. in Computer Science, System/Computer Engineering, Cyber-Security, or Information Security
  • Experience or training in related disciplines, e.g. computer science, computer security, software development, system design, open source frameworks, encryption schemes, etc.
