Senior Application Security Architect

United States, Jersey City, NJ
Job ID: 1776

Job Description

Our client operates a premier e-trading platform and offers leading financial products. They have seen incredible growth in recent times and look to continue on that path. As a senior member of the InfoSec team, you’ll take the lead in defining strategy, engineering solutions and managing roadmaps for securing the firm’s enterprise technology. You’ll be knowledgeable in many domains of security and should be able to design and implement high-impact solutions across the organisation.

This role will also have an opportunity to work with subject matter experts not only within security, but across infrastructure, network, development, and business teams. Previous managerial experience is essential, particularly in the management of a highly technical team. You will also bring business experience in the financial industry, as you will be required to meet with internal and external clients, talk confidently about the InfoSec program, and help integrate business needs with Information Security needs.

Role Responsibilities:

  • Take a leadership role in proposing, designing, planning and executing strategic and tactical security objectives to protect the firm’s information systems and network.
  • Serve as an internal information security advisor and subject matter expert for all application security related work.
  • As a subject matter expert, share technical knowledge, scalability, enterprise system architecture, and DevSecOps best practices
  • Work with Application Architects to design a framework for ingesting new applications into production, including cloud environments
  • Lead security for orchestration, configuration, and provisioning automation
  • Lead product selection efforts, including defining evaluation criteria and test plans
  • Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
  • Bring together key stakeholders to develop and review enterprise application security strategies and roadmaps
  • Develop appropriate policy, standards, guidelines, process and procedures for remediation
  • Collaborate with business units and corporate partners to ensure solutions are built consistent with the organisation's policies, programs, architectural recommendations, and information security standards
  • Understand the common types of cyber-attacks and countermeasures in the industry and engage with the business units to resolve within SLAs
  • Develop, build, and implement a mature and robust set of metrics and reports

Technical Experience and Qualifications Required:

  • 10+ years of experience leading global information security programs
  • 7+ years of proven experience in application architecture and security
  • Extensive experience in building security for large-scale distributed and critical services
  • Extensive knowledge of identifying security issues in applications and ability to articulate their risk exposure to technical and business users
  • Full application/system development lifecycle knowledge and experience
  • Experience with architecture and security reviews, and threat modelling applications
  • Experience with SAST/DAST/IAST and CI/CD tools
  • Strong knowledge of API security, WAF, and Cryptography
  • Experience with Docker and Kubernetes
  • Experience securing applications in public cloud (e.g. AWS, Azure, Google Cloud), and cloud security/governance tools
  • Experience with Terraform, CloudFormation, Terragrunt
  • Scripting experience with any of the following: JavaScript, Python, PowerShell etc.
  • Must be able to communicate across all levels of the organization, from non-tech end-user community to C-suite audiences
  • Strong analytical and problem-solving skills
  • Experience working with global teams
  • CISSP, CISM or equivalent qualifications preferred
