Application Security Architect

1 month ago


Canada RED SKY Consulting Full time

Job Title: Application Security Architect

Location: Remote within US or Canada

Type: Direct Hire


Bottom Line / In a Nutshell:

  • Bachelor’s Degree in Computer Science or equivalent experience
  • Highly technical and analytical experience, with a proven deep background (five-plus years preferred in addition to cybersecurity) in software engineering.
  • 5-7+ years experience in Software Development
  • 5-7+ years experience in a Security Engineering role with a specific focus on Vulnerability Management and Secure Coding
  • Preference is for folks who worked with C# (Python and Java are fine but mainly use C# there)
  • Must be familiar with SAST tools (Veracode, Snyk, Checkmarx, etc.)
  • Experience with Pentesting (Burp Suite, etc.)
  • Experience with bug tracking (Jira, etc.)


Job Description:

The Product Security team is responsible for the code-level security of our products. We enhance product security by finding, fixing, and preventing security flaws across our family of products. On the Product Security Assurance teams, we build the tools and run the programs that eliminate security bugs in code. Beyond simply pointing out issues, we solve problems through close partnership with product and development teams. As such, we are looking for an Application Security Architect with strong technical & leadership skills, a background in product/application security, and a passion for solving complex product security challenges in a fast-moving agile environment. They should be comfortable working across the company and enjoy finding innovative ways to mitigate risk while protecting the data of more than five million users of our products.


What you'll get to do:

  • Implement Cloud Platform and Application Security Blueprint and drive adoption of standardized methodologies, libraries, and tools
  • As a security SME, own identification and remediation of vulnerabilities within Platform and SaaS applications codebase, as well as 3rd party dependencies, with focus on maturing Application Security Engineering beyond OWASP Top Ten
  • Define secure coding practices and guidance, conduct security reviews, and drive down security-related technical debt
  • Conduct penetration testing using open source and commercial tools
  • Develop scripts and tooling to “shift-left” common security tasks enabling DevSecOps
  • Engage development teams in security feature reviews and threat modeling
  • Contribute to a secure/compliant cloud-native service catalog
  • Collaborate with engineering and operations teams to implement and automate security controls and processes cloud-native security monitoring, tooling, and reporting
  • Foster a security-first culture by partnering with dev teams and platform engineers to balance key performance and security.
  • Lead continuous product and application security reviews.
  • Perform application security testing using SAST, DAST, IAST and RASP tools.
  • Combine automated and manual product and application testing methods.
  • Engage with internal and external teams performing vulnerability and penetration testing.
  • Document security findings, outline remediation options and oversee mitigation.
  • Focus on automation to aid in efficiencies with both testing and remediation of findings.
  • Collaborate with developers and product managers for continuous security validation.
  • Recommend controls where there are security gaps and track through to implementation and validation.
  • Regularly monitor the threat landscape and assess the potential impact to products.
  • Attend and participate in product meetings addressing security requirements for new and existing products.
  • Serve as the primary management point of contact for product cybersecurity requirements, initiatives and escalations.
  • Evaluate the existing product ecosystem and propose product changes to security leadership and engineering.
  • Leverage security standards and implementation configurations, as well as common security frameworks.
  • Uphold software bills of materials across products.
  • Attend internal and external education and training sessions, with a focus on product security principles.
  • Possess a general understanding of bug bounty programs and their management.
  • Align with architects and development teams for a mission of secure design.
  • Actively participate in security team meetings that facilitate secure product design.
  • Possess general knowledge of product security that meets compliance, privacy laws and regulatory requirements.
  • Focus on security process efficiencies, prioritizing advanced tasks to keep pace with product demand.
  • Collaborate with team members and align with security, audit and risk management leadership.
  • Perform other duties as assigned.

Skills and Experience we value:

  • Bachelor’s Degree in Computer Science or equivalent experience
  • Highly technical and analytical experience, with a proven deep background (five-plus years preferred in addition to cybersecurity) in software engineering.
  • 7+ years experience in software development
  • 7+ years experience in a Security Engineering role with a specific focus on vulnerability management and secure coding

What would make you really stand out:

  • One of the security certifications, such as CISSP, GSEC, Azure Architect and/or Azure Security Engineer/Technologies preferred
  • Background in automated program analysis
  • Experience with .NET and C#
  • DevOps experience with infrastructure, cloud and application pipelines
  • Experience running operational teams
  • Experience in Threat Modeling using STRIDE, PASTA, or similar
  • Experience with open-source (e.g. Kali Linux) and commercial penetration testing tools
  • Expertise in identifying and remediating OWASP Top Ten vulnerabilities and beyond
  • Expertise with Azure security services as well as Docker/Kubernetes
  • Minimum 1 year of experience with active compliant environments, e.g. PCI-DSS, HITRUST, FEDRAMP, ISO 27001, or similarly regulated industries.
  • Experience with SAST, DAST, IAST and RASP.
  • Five-plus years of experience with public cloud providers (AWS, Azure, GCP).
  • Experience with container security, such as Docker and Kubernetes.
  • Knowledge of CI/CD platforms, such as Jenkins and CircleCI.
  • Experience building prototypes of tools and exploits, as well as conducting vulnerability and penetration tests.
  • Proficiency in software development (.NET, Java, Rust, Golang, Python, C++, Ruby, etc.).
  • Experience with security requirements for APIs

THIS IS A GREAT OPPORTUNITY WITH A FIRST-CLASS COMPANY

RED SKY Career Opportunities at: redskyconsulting.co/career-portal

RED SKY Consulting Candidate and Client Referral Program

2500

Do you know other IT professionals?

Turn those relationships into Money & help friends get work

RED SKY Consulting is offering a fantastic opportunity for you to earn extra money.

If you refer a manager of people or skilled professionals to us, we will link your name to that person for 18 months.

If we employ or place that individual or place people into that company thru that manager

RED SKY Consulting Company Overview:

We are an IT and Cybersecurity staffing solutions, professional services, management consulting, and executive placement company with thousands of resources across multiple IT and Cybersecurity skill sets. Our primary US locations are Chicago, New York, Los Angeles, Atlanta, Nashville, Tampa and Denver, and we have organizational arms in other domestic cities along with offshore alliances in India and Ireland. RED SKY has a 15+ year history of providing great technology talent. RED SKY has many clients, including 7 of the Fortune 10, half of the Fortune 100, and 25% of the Fortune 500 companies, within the manufacturing, financial services, health care, government, consumer services, insurance, and several other industry verticals.

The RED SKY Foundation is being formed and will be providing fully funded college educations to underprivileged young adults in partnership with our clients starting 2022.

Keys: Application Security, Architecture, Software Development, SAST, Pentest, C#
