Software Security Architect

Location; San Jose, CA, (not a remote role)

This role will interface directly with development teams. Of course, there is broad exposure to other aspects of information security related tasks such as incident response, vulnerability management, and deployment of security solutions. The successful candidate for this position is a highly motivated individual with a strong Application Development and Configuration Management/DevOps background that wants to educate and build a software security program.

Key Deliverables and Responsibilities (include but are not limited to the following):

Deploy and automate security tools in the CI/CD pipeline.

Work closely with product teams to identify SBOM

Work with product teams in remediating software security vulnerabilities

Perform manual penetration tests on web applications

Attend enterprise architecture reviews to standardize and secure new deployments

Qualifications and Special Skills Required

5+ years industry experience. Bachelor s degree in computer science or engineering field or equivalent combination of education and relevant experience.

A passion to learn and educate others on how to build secure software.

Ability to work in a group setting and independently

Experience with Jira IT ticketing systems.

Experience with GitHub, Perforce, GitLab

Experience with SonaType, JFrog

Good working knowledge in scripting language, Python, PowerShell, etc.

Strong understanding of Linux/UNIX and Windows based operating systems and networks.

Strong knowledge on Cyber security and CMMC

Strong working knowledge of Application security concepts and technologies such as:

Experience in OWASP Top 10 and usage of common AppSec testing tools.

Experience of Secure by Design concepts and threat modeling

Knowledge of common security libraries, security controls, and common security flaws.

Experience in application penetration testing techniques and tools

Knowledge of application technologies including Web applications, Web services, XML, SOA, AJAX, JSON, and Web scanning tools

Open-Source Security (OSS) - Software Composition Analysis (SCA)

Static Application Security Testing (SAST)

Dynamic Application Security Testing (DAST)

Security Architecture Review - Threat Modeling

AWS and Azure WAF Configuration and listing

Cloudflare DDOS configuration and operation

Manual Penetration Testing

Penetration testing with 3rd party vendors

Host level vulnerability Scanning

Web application security training course development and delivery

Preferred Certifications:

Certified Information Systems Security Professional (CISSP)

SANS GIAC certifications

Amazon Web Services, Azure, Google Cloud Platform