Application Security Architect - Philadelphia PA
Ref No.: 17-03527
Location: Philadelphia, Pennsylvania
Job Title: Application Security Architect  
Job Location: Philadelphia, PA
Position Type: Contract  
Pay Rate:  DOE
US Citizen, Green Card, GC EAD and H4 EAD only.
No sponsorship available for this job, NO C2C

Job Description: 
  • Perform security assessment and compliance activities using assessment tools and procedures for Comcast's Digital First Organization
  • Continue to engage and build relationships with Comcast's global Technology and Product Security teams
  • Plan, research and design robust security architectures in partnership with App/Dev/platform teams for any Application/IT project
  • Conduct and facilitate Threat modelling workshops
  • Perform/participate in security architecture review (SAR) to ensure all security architecture design best practices and standards are met
  • Perform planning and remediation of application static, dynamic and run-time code analysis (SAST, DAST, IAST/RASP) and work with application and internal teams to ensure secure coding practices are implemented
  • Support the research of emerging technology, requisite security requirements, and emerging threats, and develop ways forward to meet organizational goals
  • Oversee security awareness programs and educational efforts
  • Respond to security-related incidents and provide a thorough post-event analysis
  • Min 2 years' experience in Cloud Security Design / Implementation / Management with exposure to AWS / Azure Native Security
  • Strong understanding and exposure to Network Security, Operating System Security, Web Security and End Point Security
  • Research security standards, security systems and authentication protocols; keep abreast of the latest trends in the cyber security industry
  • PCI Compliance Experience to conduct PCI Compliance activities
  • Strong understanding of PCI concepts
  • Assist with planning and remediation of internal and external vulnerability scans and external penetration scans, as needed
  • Determine, document, and publicize the availability of PCI technical requirements
  • Work with various departments to ensure that they are aware of and understand the technical PCI requirements that they must adhere to and sign off on
  • Contribute content on PCI compliant requirements to support resources, including knowledgebase articles, quick reference cards, webinars, and training classes to raise understanding of PCI compliance
  • Assist in evaluation, selection and implementation of encryption solutions and key management systems
  • Assist in vulnerability remediation in coordination with other ops / application teams
  • Configure and run penetration tests, and provide analysis and suggestions
  • Experience architecting security for products, enterprise, information and other initiatives
  • Proficient at the secure software development lifecycle and DevSecOps
  • Proficient at identity, authentication and authorization systems
  • Good understanding of cryptographic trust-based systems
  • Cloud security knowledge preferred
  • Data and database security
  • Federation, SSO, IDS, IPS, Host-Based Firewall, WAF (Web Application Firewall), DNS, DHCP, HTTPS/TLS, SSH, Key Management, PKI, Tokens, SAML, OAuth, FIDO knowledge preferred
  • Knowledgeable in compliance standards such as PCI, CPNI, ISO 27001, FCC Regulations, SOX, Subscriber PII
  • Coding experience preferred but not required
  • Security expertise in one or more relevant areas
  • Knowledge of Intrusion Detection & Prevention Systems