Application Security Architect & Engineer

Responsibilities include but not limited to:

• Provide security guidance, training, and best practices for development and operations teams.
• Support secure software development by applying knowledge of SDLC, Agile, and Scrum methodologies.
• Evaluate software architecture and design for security risks and alignment with DevSecOps principles.
• Promote and enforce secure coding standards and guidelines.
• Review source code to identify vulnerabilities and recommend remediation strategies.
• Assess security risks across multiple programming languages (e.g., JavaScript, C#, Java, Ruby, SQL).
• Analyze and secure modern web application architectures, including cloud, APIs, microservices, and client–server models.
• Identify and address common vulnerabilities, including those outlined in the OWASP Top 10.
• Support vulnerability remediation, patch management, and continuous improvement efforts.
• Utilize application security testing tools such as SAST, DAST, IAST, and platforms like Accunetix, Veracode, Jenkins, Splunk, Rapid7, and Tenable.
• Interpret and act on findings from SIEM systems, including Splunk.
• Apply knowledge of common security controls and frameworks.
• Ensure compliance with relevant security regulations and standards (e.g., NIST 800‑53, IRS Pub 1075, PCI‑DSS).
• Implement and evaluate AWS cloud security controls and best practices.
• Create, maintain, and review System Security Plans (SSPs).
• Troubleshoot and resolve complex technical and security-related issues.
• Stay current with evolving threats, technologies, and industry trends.
• Develop detailed plans and communicate risks, impacts, and recommendations effectively.
• Collaborate with application teams, QA engineers, and operations teams to integrate security into workflows.
• Provide constructive, actionable feedback to application teams.
• Communicate technical concepts clearly to both technical and non‑technical audiences.
• Work closely with other security analysts and technology teams to support agency and enterprise security initiatives.
• Manage multiple tasks, prioritize effectively, and meet deadlines.
• Apply critical thinking to evaluate and mitigate security risks and vulnerabilities.

• Required Skills/Experience:

  • Five or more years’ experience in application security.
  • Two or more years’ network or firewall/AWS Security Groups.
  • Experience with log collection, vulnerability scans and remediation, or privileged access management.
  • Strong understanding of security concepts, network protocols, and threat vectors.
  • Proficiency in SIEM,IDS/IPS, EDR,and other relevant security tools.
  • Excellent analytical and problem-solving skills.
  • Strong communication, collaboration, and documentation skills.
  • Ability to work independently and as part of a team in a fast-paced environment.
  
  

  Have experience and a strong knowledge of the following:

  • Splunk, Insigh tVM Rapid7, Tenable, CyberArk, Jenkins, Veracode
  • Linux and Windows Operating Systems, Baseline hardening of operating systems
  • IIS and Apache, Scripting Languages and SQL, PowerShell, Firewall
    
    

    At least one of these certs below is REQUIRED:

    • CompTIA Security+
    • ISC2 CC (Certified in Cybersecurity)
    • Offensive Security Certified Professional (OSCP)
    • CCSP (Certified Cloud Security Professional)
    • CSSLP (Certified Secure Software Lifecycle Professional)

     At least one of these certs below is highly DESIRED (Independently and or with one of the above)

    • AWS Solutions Architect (Associate/Professional)
    • AWS Security Specialty

     At least one of the any is DESIRED

    • CompTIA PenTest+
    • Certified Ethical Hacker (CEH), GIAC Certified Intrusion Analyst (GCIA)