Previous Job
Previous
Application Security Architect
Ref No.: 20-00306
Location: AZ
Summary of This Role

Responsibilities range from auditing code, architecture and databases used in custom-developed web and cloud applications, to testing for common application level vulnerabilities, weaknesses, and providing both vulnerability analysis and development advise for application hardening.
Applicant must possess a strong background in software development, secure coding techniques, secure architecture, software security frameworks, common weaknesses and vulnerability analysis. Candidate should have experience securing web and mobile applications, APIs, micro-services, containers, cloud and cloud-hybrid architectures.

Responsibilities include:
  • Working with application development and QA teams across multiple products to:Review, evaluate and prioritize vulnerability findings
  • Provide SME support on secure code implementation, design and architecture.
  • Threat-modeling & risk analysis
  • Training
  • Participate in providing annual OWASP & PCI training for developers
  • Helps maintain updated Secure Coding Best Practices
  • Common application level vulnerabilities
  • Risk Management
  • Findings/vulnerability prioritization
  • Mitigation strategy
  • Controls Evaluation Review, validate, recommend and create standards
  • Review of open-source development libraries for security risks
  • Web application firewall (WAF) rule development and implementation
  • Security technologies review and recommendations

REQUIREMENTS
  • Qualifications: Bachelors of Computer Science or similar 6 or more years of experience in applying Information Security best practices to Information Technology assets plus 5 or more years of experience with software development.
  • Experience with static and dynamic vulnerability identification using industry leading scanning tools and manual code reviews -
  • Experience with the Top 10 OWASP (Open Web Application Security Project) vulnerabilities (most critical web vulnerabilities) and how to identify and remediate them - Solid understanding of Information Security in general and the specific behaviors that would secure TSYS information assets -
  • Ability to translate Information Security policies and procedures into language that a business and/or technical person can understand; and ability to effectively communicate with both non-technical and technical people -
  • Strong problem solving with the ability to methodically and objectively analyze and resolve Information Security challenges - Ability to work well inside and outside the team.