Senior Application Security Architect

Introduction:

We are seeking an experienced Application Security Architect to join our Global Information Security Organization (CISO). The ideal candidate will have a deep understanding of application security architecture patterns and principles, and threat modelling.

Responsibilities:

• Develop and maintain a deep understanding of the organization's enterprise applications, APIs, and digital transformation needs.
• Design and implement a comprehensive security architecture framework and reference architectures for Application Security.
• Develop and maintain security policies, standards, and reference architectures for Application Security APIs.
• Provide guidance and technical leadership to project teams to ensure application security requirements are properly integrated into software development and infrastructure projects.
• Partner and collaborate with cross-functional teams including Software engineering and software architecture teams operational and engineering teams to identify and address application related security risks across the organization.
• Define Application Security solutions and patterns.
• Stay up-to-date with industry best practices and emerging trends in Application Security, digital transformation, and incorporate them into the security architecture framework.

Requirements:

• Established Application Security Architect with at least 10 years within the broader IT Security disciplines and technologies.
• At least 5-7 years Application Security architectures and solutions and digital transformation programs.
• Experience with developing requirements and models for the future-state, current state, and gaps.
• Strong knowledge of API security standards and technologies.
• Experience in digital transformation enablement standards and technologies, such as DevSecOps, microservices, or cloud-native applications and architectures.
• Experience in conducting application threat modelling exercises to identify potential security threats and develop appropriate security controls.
• In-depth knowledge of web application security vulnerabilities, such as OWASP Top 10, and experience with secure coding practices and solutions (DAST, penetration testing, WAF’s).
• Experience with application security tools and technologies, such as web application firewalls (WAFs), static and dynamic code analysis tools, and penetration testing, secret and certificate management.
• Experience with compliance standards and regulations.
• Cyber Security related qualification(s) such as CISSP, CISM, CISA, CRISC.
• Strong relationship, communication, and stakeholder management skills. Ability to deal effectively with stakeholders, internal and external to the Technology Division.
• Ability to act proactively to ensure and effectively collaborate with regional and global counterparts.
• Excellent interpersonal skills with the ability to build and influence; and self-motivated.
• Committed to continuous improvement for team and self.
• Ability to run with a number of tasks concurrently and manage expectations appropriately.