Application Security Architect

Application Security Architect

12 Months contract - Later Hire/ Extension

Location : @ Newark , NJ Hybrid model

Required :

• AWS - Cloud infrastructure
• IAM (Identity and Access Management)
• OAuth 2.0 for authentication
• API security
• Security Architecture from Scratch
• Public Key Infrastructure (PKI)
• 3-tier Applications exp
• SAML; SAST, DAST

Job description:

• The Enterprise Information Security Architect will apply a combination of business process analysis and technical knowledge to develop enterprise security architectural deliverables that identify and describe the relationships among functions, data, applications and technology at various levels at client.
• The person will perform individual assignments and lead project teams composed of Business Analysts, Systems Engineers and Research Specialists, as well as analyze systems and technology integration requirements across multiple applications and organizations.
• It is important that the candidate communicate and work closely with process and system owners, IT management, peers, and technical staff to ensure the relevance of the security architecture and system designs to business process requirements.
• Additionally, the candidate will be responsible for setting the strategic direction, developing advanced enterprise wide security ideas, determining the security technology/standards and then guiding their development into a final product.
• This position reports to the Director of Technology Architecture and will:
• Provide technical guidance and renders decisions regarding Security Technology designs and engineering.

Basic Qualifications:

• Bachelor s degree in Information Technology or related discipline from an accredited college or university, advanced degree or other professional certification in Management Information Systems is preferred
• Professional business experience in Security Architecture, including security with Applications, Infrastructure, external internet security, or Access and Identity Management Experience with information privacy and security laws (covering such items as data breaches, records management and structured/unstructured data)
• Must have prior hands on experience reviewing code designs from a security standpoint
• Prior experience with Internal and External Applications Security Assessment
• Demonstrated experience with Secure Development Lifecycle
• Demonstrated experience with defending OWASP Top Ten Attack types
• Must have prior experience with SSL, and can articulate what it can/cannot cover and why it s important
• Experience with C, Python, Ruby, C++ and other relevant languages
• Demonstrated experience with Vulnerability assessments, penetration testing and experience fixing vulnerabilities.
• Prior Data Encryption solutions experience
• Prior ITCAM/SOA experience

Additional Qualifications/Knowledge:

• Prefer 5+ years of management experience
• Experience working in controlled regulatory environment is preferred Skills and Abilities
• Strong understanding of application security principles
• Ability to articulate the 3 components of AAA (AuthN, AuthZ and Audit)
• Strong understanding of TOGAF and can articulate it s importance and relevance