Application Security Architect
Ref No.: 20-00185
Location: Philadelphia, Pennsylvania
Type: Contract
Our client is seeking an Application Security Architect who has knowledge of AWS or other cloud-based infrastructure architecture, services, and security.
The Application Security Architect position is a very technical, hands-on role that involves evaluating and enforcing application security in all phases of the Software Development Life Cycle (SDLC). This position will work closely with our development teams, Information Security, Privacy and DevSecOps team to define and implement the application security standards, perform software architecture design reviews and threat modeling, conduct white box security testing, and support the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms.
Key Accountabilities:
  • Define and conduct enterprise-scale architecture governance exercises.
  • Lead and coordinate various aspects of software design and development best practice implementations.
  • Be a liaison to the application development team, reviewing all policies around application development and bringing implementation-level recommendations to the developer community.
  • Lead architecture design reviews with senior development and product management staff to incorporate effective threat modeling and security standards into product design and development.
  • Participate in strategic activities to evangelize security objectives and ensure their appropriate consideration in product and operational planning across all teams.
  • Educate team members and all engineers on application secure coding standards and best practices, establish regular educational activities, and recommend and attend appropriate training.
  • Work with ISO and Application architecture teams to document common architecture patterns and help implement them within all the development teams.
  • Explain and demonstrate vulnerabilities to application/system owners, and provide recommendations for mitigation.
Required Skills and Experience:
  • Bachelor’s degree in an Information Technology related field of study or equivalent experience.
  • Certification in Application Development Security is preferred.
  • 10+ years of experience in a web/mobile/cloud application security role.
  • Knowledge of information security principles, web applications and a level of familiarity with malicious code and common techniques used by hackers.
  • Knowledge of AWS or other cloud-based infrastructure architecture, services, and security.
  • Knowledge of microservices architectures.
  • Experience with HTML and JavaScript along with a solid understanding of HTTP protocol.
  • Thorough understanding of SDLC, as well as software security maturity models, such as Building Security In Maturity Model (BSIMM) or OWASP Software Assurance Maturity Model (SAMM).
  • Experience conducting secure code development training.
  • Experience using Agile software development and project management.
  • Experience with common SDLC tools: static and dynamic code analysis, open source management, threat modeling, etc.
  • Knowledge of automated CI/CD pipelines for application code and infrastructure.
  • Basic knowledge of SQL and prior experience with programming in one or more server-side technologies such as ASP.NET. .NET Core experience is a plus.
  • Experience with securing Docker Containers is a plus.
  • Knowledge of cryptographic tools or security APIs is a plus.
  • Excellent problem solving and analytical skills; outstanding oral and written communication skills.
  • Experience interacting with security vendors and customers.
  • Self-motivation and the ability to work under minimal supervision.