Application Security Architect

Full Time

  • No Travel Required

Job Description

Software Guidance & Assistance, Inc., (SGA), is searching for an Application Security Engineer for a FULL TIME assignment with one of our premier Investment Banking clients in New York, NY.

Responsibilities:
  • Work closely with others in IT to develop a secure SDLC with gating functions for application source code and IaC.
  • Define metrics and reporting on application security policies and processes and track adherence.
  • Proactively research and identify application security vulnerabilities and provide recommended countermeasures.
  • Work with application development teams to design applications that are inherently secure.
  • Automate AppSecOps security testing processes, including SAST, DAST and IAST as appropriate.
  • Perform code deep dives to uncover security vulnerabilities or design flaws.
  • Provide subject matter expertise in application code and IaC security best practices.
  • Support and consult with development teams in application security, including threat modeling and code reviews.
  • Advocate and champion ShiftLeft security initiatives and processes.
  • Contribute to raising the security awareness of team members through instruction and hands-on training.
  • Have general awareness of industry data privacy standards across cloud providers and vendor product liabilities.
  • Work as an active participant in an Agile development environment; attend daily standups, sprint planning and retrospectives.

Required Skills:
  • Bachelor's degree in Computer Science or related field (or equivalent experience)
  • 4 or more years of IT DevSecOps/AppSecOps experience.
  • Proficiency in one or more programming languages (Python, Java, C++ etc.)
  • Understanding of CWE 25 and OWASP Top 10, with experience in implementing remediation strategies.
  • Experience in application security and threat modeling.
  • Familiar with application security control frameworks and their current usage in applications (e.g., Authentication, Cryptography and Data Protection, Authorization, Web Access Firewall etc.).
  • Excellent understanding of application security testing automation including SAST, DAST and IAST.
  • Knowledge of web application technologies and layer 7 protocols like HTTP, FTP, DHCP etc.
  • Knowledge of exploit development and vulnerability research and reporting.
  • Knowledge of mobile app code security testing.
  • Experience in AWS technologies is a strong plus.
  • Exposure to Python, NGINX, Gunicorn and ReactJS is a plus.
  • Experience working with code management tools such as GitHub.
  • Must have the ability to work in a dynamic, fast-paced environment.
  • Strong communication skills with ability to interact with stakeholders at various levels.
  • Strong problem solving and analytical skills

SGA is a technology and resource solutions provider driven to stand out. We are a women-owned business. Our mission: to solve big IT problems with a more personal, boutique approach. Each year, we match consultants like you to more than 1,000 engagements. When we say let's work better together, we mean it. You'll join a diverse team built on these core values: customer service, employee development, and quality and integrity in everything we do. Be yourself, love what you do and find your passion at work.

EEO Employer: Race, Color, Sex, Sexual Orientation, Gender Identity, Religion, National Origin, Disability, Veteran Status, Age, Marital Status, Pregnancy, Genetic Information, or Other Legally Protected Status.