Application Security Architect

Overview

Remote
On Site
Full Time

Skills

Information Technology
Cloud computing
Software development methodology
FISMA
Cyber security
Authentication
Incident management
Security architecture
Network security
Computer hardware
Evaluation
Vulnerability assessment
Supply chain management
Risk management
Testing
Leadership
Mentorship
Threat modeling
Risk analysis
DSS
Privacy
HIPAA
NIST 800-53
Regulatory Compliance
Training
Management
Collaboration
Software security
OWASP
Application development
.NET
Node.js
Java
Python
React.js
AngularJS
SaaS
FedRAMP
System on a chip
Agile
Project management
Web applications
Penetration testing
Amazon Web Services
Docker
Kubernetes
Linux
Software development
Security QA
Code review
CISSP
CISM
Certified Ethical Hacker
GPEN
OSCP

Job Details

Job Details

Level: Experienced

Job Location: DSS Baton Rouge - Baton Rouge, LA

Position Type: Full Time

Education Level: 4 Year Degree

Salary Range: Undisclosed

Travel Percentage: Up to 25%

Job Shift: Day

Job Category: Information Technology

Description

POSITION SUMMARY:

The Architect, Application Security (CS)
  • assess the security and compliance of web applications, code, and related components in our proprietary Health Cloud products (including those of third-party vendors) throughout the software development lifecycle (SDLC) to ensure they are designed and built securely;
  • will work as part of the Cyber team and collaborate closely with key stakeholders to define and document security requirements, plans, architecture, and FISMA paperwork required for the applications Authority to Operate (ATO).

DUTIES AND RESPONSIBILITIES:

Essential Duties
  • Partner with system, infrastructure, application, and cyber security teams to determine/create integration strategies/patterns that allow secure access across programs and applications.
  • Define and document security requirements for new application, identify the appropriate configurations.
  • Identify and document application threats, vulnerabilities, and risks, and advise development teams how to protect against them.
  • Ensure the security of the system lifecycle through code reviews and testing.
  • Work with key stakeholders to ensure authentication controls are understood from a security perspective, and work with the development team to plan, develop and implement the solution.
  • Work with the development team to resolve findings from security scans, reviews, or penetration tests.
  • Help incident response teams respond to detected intrusions.
  • Conduct periodic assessments.
  • Develop the application's security architecture in collaboration with the development team.
  • Assess the security posture associated with networking, security technologies, hardware and software development, test, and evaluation.
  • Support vulnerability assessment, penetration testing, and supply chain risk management activities.
  • Perform code reviews and conduct testing to ensure security is built in as planned.
  • Work with the development team to ensure the remediation of identified vulnerabilities and Plan of Action and Milestones (POA&Ms) are analyzed, understood, and resolved based on priority levels defined.

Other Duties:
  • Align and periodically communicate metrics with senior leadership around the effectiveness of the application security program.
  • Leverage your accumulated subject matter expertise of DSS' applications, systems, and code to propose and drive architectural improvements which address classes of security flaws in the FedRAMP ecosystem and other projects such as SOC2 and HITRUST.
  • Deliver training and provide mentoring to software developers on security topics.
  • Facilitate threat modeling exercises to ensure optimized security design decisions are being made.
  • Participate in requirements definition and perform initial risk analysis to define a minimum standard of security for each application.
  • Ensure changes do not create or introduce security gaps.

SECURITY AND PRIVACY DUTIES AND RESPONSIBILITIES
  • Individuals working for DSS will be subject to security and privacy requirements as explained in HIPAA, FedRAMP, and NIST 800-53. Additionally, they are required to undergo specific FedRAMP training to ensure compliance with all associated controls and responsibilities in the day-to-day performance of their duties. Individuals working in departments that are considered to be in the high-risk category will be required to undergo advanced training based on their role and level of access. Individuals with access to modify data and the configuration baseline will require further training.

The preceding functions are examples of the work performed by employees assigned to this job classification. Management reserves the right to add, modify, change or rescind work assignments and make a reasonable accommodation as needed.

Qualifications

QUALIFICATIONS:

Skills:

Required:
  • Experience as a senior/staff/lead security engineer in product and application security.
  • Experience leading security projects and initiatives that require collaboration with teams across an organization.
  • Sound understanding of application security vulnerabilities (e.g., OWASP Top 10), defense techniques and security best practices, including language-specific security practices and present-day threats.
  • Experience with modern application development languages and frameworks (e.g., .NET, Node.js, Java, Python, React, Angular

Desired:
  • Experience with assessing/securing large, complex SaaS applications.
  • FedRAMP and or SOC 2 knowledge.
  • Two + years of experience as a people manager.
  • Use of agile methodologies for project management.
  • Manual web application penetration testing experience, including the use of professional penetration testing tools.
  • Strong familiarity with AWS, Docker, Kubernetes, Linux, and similar infrastructure/technologies.
  • Prior full time software development experience.
  • Safeguarding applications by identifying associated threats, vulnerabilities, and risks, and implementing ongoing security testing and code review.
  • Securely configuring application components (within the application).

Education:

Required:
  • Bachelor's degree or equivalent experience.

Certification(s), Licenses:

Required:
  • One or more relevant security certifications (CSSLP, CISSP, CISM, CEPT, CMWAPT, CPT, CEH, LPT, GWAPT, GPEN, GXPN, OSCP).

Desired:
  • CASE, CASS, GWEB

Years of experience in a similar role:

Required:
  • 7+ years of relevant experience

Desired:
  • 10+ years of relevant experience

PHYSICAL DEMANDS:

Standing

5% per day

Sitting

100% per day

Walking

5% per day

Stooping

5% per day

Lifting

Exerting up to 10 pounds of force occasionally and/or negligible amount of force frequently or constantly to lift, carry, push,bpull or otherwise move objects. Repetitive motion. Substantial movements (motions) of the wrists, hands, and/or fingers. The worker is required to have close visual acuity to perform an activity such as: preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading.

Computer Work

70% per day

Telephone Work

10% per day

Reading

10% per day

Other, please specify

Travel unassisted up to _5__% per year, via common carrier and/or personal automobile.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

If you need an accommodation seeking employment with DSS, Inc., please email or call . Accommodations are made on a case-by-case basis.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

About Document Storage Systems Inc