Application Security Architect

Job Title: Application Security Architect

Location: Remote

Contract: 11+ Months

W2 Only

Job Description

We are seeking an experienced Application Security Architect to join our Global Information Security Organization. The ideal candidate will have a deep understanding of application security architecture patterns and principles, and threat modelling.

Responsibilities

Develop and maintain a deep understanding of the organization's enterprise applications, APIs, and digital transformation needs.

Design and implement a comprehensive security architecture framework and reference architectures for Application Security

Develop and maintain security policies, standards and reference architectures for Application Security APIs.

Provide guidance and technical leadership to project teams to ensure application security requirements are properly integrated into software development and infrastructure projects.

Partner and collaborate with cross-functional teams including Software engineering and software architecture teams operational and engineering teams to identify and address application related security risks across the organization.

Define Application Security solutions and patterns.

Stay up-to-date with industry best practices and emerging trends in Application Security, digital transformation, and incorporate them into the security architecture framework.

Application Security architectures and solutions and digital transformation programs.

Experience with developing requirements and models for the future-state, current state and gaps.

Strong knowledge of API security standards and technologies

Experience in digital transformation enablement standards and technologies, such as DevSecOps, microservices, or cloud-native applications and architectures.

Experience in conducting application threat modelling exercises to identify potential security threats and develop appropriate security controls.

In-depth knowledge of web application security vulnerabilities, such as OWASP Top 10, and experience with secure coding practices and solutions (DAST, penetration testing, WAF s).

Experience with application security tools and technologies, such as web application firewalls (WAFs), static and dynamic code analysis tools, and penetration testing, secret and certificate management

Experience with compliance standards and regulations

Ability to review and assess applications for security vulnerabilities and provide recommendations for mitigation strategies.

Strong understanding of security architecture principles, including defence in depth, least privilege, and secure by design

Knowledge of established information security frameworks and standards (i.e. NIST, ISO2700, CSA, SCF) and their application into diverse environments.

Preferred Qualifications/ Skills

- Cyber Security related qualification (s) such as CISSP, CISM, CISA, CRISC

- Strong relationship, communication and stakeholder management skills. Ability to deal effectively with key

- stakeholders, internal and external to the Technology Division

- Ability to act pro-actively to ensure and effectively collaborate with regional and global counterparts

- Excellent interpersonal skills with the ability to build and influence; and self-motivated

- Committed to continuous improvement for team and self.

- Ability to run with a number of tasks concurrently and manage expectations appropriately