Application Security Architect
Lead development of security architecture and design, for a wide range of hardware/ software products and services, built for Verizon business and consumer markets.
Lead definition of secure-SDLC (system development lifecycle) and product security maturity model, to adopt a shift-left approach to security.
Develop security controls and processes for products developed and deployed in cloud environments.
Develop in-depth security architecture, design and coding standards across infrastructure, application and data security, to drive a standardized set of security requirements, and align with internal policies and meet external compliance/regulatory requirements.
Perform threat modeling, conduct reviews of security architecture and platform/service designs, and audit source code.
Drive open innovation in product security best practices through industry collaboration.
Provide product security related coaching and mentoring to elevate security expertise of development teams.
What we’re looking for...
Youll need to have
Bachelor’s degree or four or more years of work experience.
Six or more years of relevant work experience.
Experience securing cloud infrastructure and cloud applications.
Experience in development and application security.
Even better if you have
Security certifications CRISC, GSEC, CISA, CISM or CISSP, or willingness to obtain within 9 months of start date.
Experience coding in Java, Python, or Go, and at least one scripting language.
Knowledge of web, mobile, API, Microservices, network and security architectures and design patterns.
Knowledge of AWS, Azure, GCP and OCI native security tools.
In-depth knowledge of application security concepts, best practices and methods
Knowledge of security best practices, principles, and common security frameworks, such as NIST, ISO, Common Criteria, TCSEC, OWASP, etc.
Experience with data architecture, modeling and integration.
Understanding of security by design principles and architecture level security concepts.
Knowledge of current and emerging security technologies, threats and techniques for exploiting security vulnerabilities.
Experience with methodologies and tools, for threat analysis of complex systems, such as threat modeling and software fuzzing.
Knowledge of developer tools and environments, project management and bug tracking systems.
Experience building secure software based on frameworks such as OWASP, CWE, SANS, OpenSAMM, BSIMM.
Experience with various application security tools including SAST, SCA, DAST, Penetration testing, Fuzzing etc.