Application Security Architect
Our client, a global financial institution, is looking for an experienced Application Security Architect. They are looking for a passionate individual who thrives in a teams that rapidly ideates, implements and iterates, in order to and produce the best product possible result fortheir clients. They are building a new, cloud-native product from the ground up – join them on their journey and influence the architecture and implementation they use to develop a highly-scalable, revenue producing platform.
- Partner with engineers to co-design / architect cloud products with applicable security controls
- Work with the team to develop and implement platform level controls, templates and design patterns that by default enforce baseline security requirements
- Perform software architecture design and manual code/configuration reviews
- Serve as a technical security champion for the engineers and architects
- Review security assessment reports from pentest and code review engagements, help the team with risk rationalization, and develop and implement mitigation strategies
- Liaison with the firmwide TechRisk team to perform deep dive technical assessments and manage our risk portfolio
Technical Experience and Qualifications Required:
- 5+ years’ experience in one or more technical roles performing Threat Modeling or Secure Design Reviews
- Knowledge of most common Application Security vulnerabilities – e.g., OWASP Top 10 and cloud security gaps
- Familiarity with Security standards such as OWASP Testing Guide, OWASP ASVS, NIST and Sans top 20
- Common security controls and how they apply to different designs and systems including but not limited to secure authentication, access controls, encryption (at rest/ in transit), IDS/IPS, DLP, malware etc.
- Experience in application vulnerability assessment and penetration testing of web, thick-client, or mobile applications
- Working knowledge of application security tools such as fuzzers, scanners, debuggers, decompilers, proxies, simulators, etc.
- Familiarity with modern and common web stack technologies (e.g. HTTP, HTML5, AJAX, REST, etc.) and platforms (e.g. DropWizard, Springboot, React, Tomcat, .Net, MS SQL, MongoDB, etc.)
- Familiarity with AWS cloud services, recommended security best practices and secure deployment patterns
- Understanding of core cryptography concepts (Encryption, Hashing, HMAC, digital signatures) and how they are applied and attacked in web applications (e.g. TLS attacks, CBC attacks)
- Ability to analyze protocols (OAuth, SAML, OIDC), flows and interactions in a system design to evaluate gaps
- Ability to identify threats, abuse cases, and gaps in the design before it is implemented.
- Good written and oral communication to be able to articulate risks to both technical stakeholders and management
Nice to have qualifications:
- Knowledge of network, application and operating system security risks
- MS. in Computer Science, System/Computer Engineering, Cyber-Security, or Information Security
- Experience or trainings in related disciplines e.g. computer science, computer security, software development, system design, open source frameworks, encryption schemes, etc.
Apply for this role
All fields marked with * are required.