Profile Outline –

We are looking for a candidate with 12+ years of experience having hands-on knowledge with SonarQube, Cloudflare, Rapid7 IDR, and others already in place. Experience with SAST & DAST tools like Sonar, Burp, Zap, Snyk. Ideally this person would be proficient in Java and have some basic experience with .NET. They should have a working understanding of cloud platforms like AWS and Azure but are not expected to be experts.

This role will act as the global subject matter expert on application security and work closely with multiple departments to secure our applications and code and will help drive application security forward by bringing a certain level of experience and knowledge around application security to the organization.

Job Description – Application Security Architect

Job Responsibilities

• You will leverage your deep understanding of application security concepts, cloud security, and build and release processes to develop and implement innovative, scalable solutions that enable secure software development and delivery.
• You’ll bring a deep understanding of compute infrastructure, how software interacts with low-level services and hardware, application runtimes and environments, and software development.
• As an experienced technical leader, you will build and grow consensus across the organization. You will establish and maintain partnerships within the organization, engaging with engineers to understand pain points and define solutions that balance security and operational needs.
• Foster a culture of continuous improvement and adaptability.
• You will be a skilled communicator, able to consult, educate, and empower engineers to build and ship innovative software in a secure manner by default. You will gather regular feedback about developer experience, ensuring that security is an enabler, not a roadblock or gate.
• You will demonstrate the ability to handle multiple competing priorities in a fast-paced environment while maintaining a strategic, big-picture perspective.
• You will assist in the 24x7 triage, remediation, and documentation of security events, leveraging your experience and skills to stay one step ahead of potential threats.
• Collaborate closely with other departments to plan and execute vulnerability remediation plans, develop Root Cause Analyses (RCA), and ensure incidents are not repeated.

Essential Function

A typical day-to-day for this position could see you working on one or a number of projects, such as the following:

• Validating technical design documents in collaboration with Platform Engineering and Application Architecture
• Reviewing cloud access patterns and security controls
• Responding to security alerts and incidents
• Coordinating with engineering teams to plan CVE remediation and validation testing
• Conducting internal penetration testing and reporting findings to senior leadership
• Designing and implementing security and access controls, policies, and procedures
• Reviewing logs, audit trails, security and operations dashboards, reports, and alerts
• Assisting in responding to customer inquiries and the RFP process

Requirements

Required Education and Experience

• 10+ years of relevant experience in application security, cybersecurity, cloud engineering, DevOps, SRE, and software development
• 8+ years of experience with public cloud platforms (AWS, GCP, Azure) and private cloud (VMWare)
• Experience working in polyglot application environments, including .NET, Java, Ruby, PHP, JS, and Python.
• Experience working with databases and DB security; preferred DBs include MSSQL, MySQL, and MongoDB.
• Demonstrated experience with common security tools, including but not limited to:
• SAST – Snyk, Veracode, Sonarqube, etc.
• DAST – Burp, OWASP ZAP, Checkmarx, etc.
• SIEM – Arctic Wolf, Sentinel, Splunk, Datadog, etc.
• Observability – Datadog, New Relic, Logic Monitor, etc.
• IDS and IPS
• Web Application Firewalls
• Extensive experience with Linux and Windows
• Excellent verbal and written communication skills, with the ability to inspire and empower teams
• Proven ability to handle multiple competing priorities in a fast-paced environment
• Experience working closely with senior and executive leadership

Preferred Qualifications

• Bachelor’s or Master’s Degree in Computer Science, Information Security, Cybersecurity, or other relevant field of study
• At least one relevant industry certification; preferred examples:
• Certified Ethical Hacker (CEH)
• Offensive Security Certified Professional+ (OSCP+)
• Certified Information Systems Security Professional (CISSP)
• Experience shepherding organizations through audits, such as PCI and SOC II