Lead Application Security Architect
New York City, NY / Dallas, TX - Our client is a top investment bank driven by technology. They are leading threat, risk analysis, and data science initiatives that are helping to protect the firm and their clients from information and cybersecurity risks.
The Lead Application Security Architect will join a team that protects the systems and data of the firm and their clients, equips people with the understanding and tools to measure risk and enable the use of technology, and evangelizes controls monitoring solutions. It covers all technology and business areas, including subsidiaries and affiliates globally. They deliver best-in-class advisory support and technology solutions across the Information Security Risk domains, including scalable uplifts of common core security solutions for use across the firm. As a risk advisor, you will be part of a technical team that is responsible for assessing and managing the portfolio of risks for divisionally aligned products. You are expected to have a working knowledge of the products you support and provide technical design consultancy services as needed. Your team will be responsible for all assessments, including design architecture reviews, manual code reviews, penetration testing, and continuous monitoring/scanning. The ideal candidate should possess the aptitude to build coalitions across teams/product owners, educate counterparts on secure development practices, and work collaboratively to drive down risk.
Technical Skills and Experience
- Examine application state machine to validate assumptions and identify vulnerabilities.
- Should have a solid understanding of security controls and how they apply to different designs and systems.
- Understand, highlight, and articulate risk to product owners in an understandable language.
- Present alternate designs to the teams in order to help them reduce risks.
- Experience in application vulnerability assessment and penetration testing of web, thick-client, or mobile applications.
- Experience managing a technical team or project, and liaising with product owners to manage risk portfolios.
- Working knowledge of application security tools such as fuzzers, scanners, debuggers, decompilers, proxies, simulators, etc.
- Familiarity with common web stack technologies (e.g. HTTP, HTML5, AJAX, REST, etc.) and platforms (e.g. DropWizard, AngularJS, Tomcat, .Net, Sybase, MS SQL, MongoDB, etc.).
- Understanding of core cryptography concepts (encryption, hashing, HMAC, digital signature) and how they are applied and attacked in web applications (e.g. TLS attacks, CBC attacks).
- Ability to analyse protocols, flows and interactions in design to evaluate gaps.
- Minimum 5 years of relevant work experience.
- Expert knowledge of network, application and operating system security risks.
- Medium-scale technical program management skills.
- Bachelor of Science in Computer Science, System/Computer Engineering, Cyber-Security, or Information Security.
- Experience or training in related disciplines e.g. computer science, computer security, software development, system design, open-source frameworks, encryption schemes, etc.