Application Security Architect

STRIDE, OCTAVE, PASTA, ISO 27001, COBIT, NIST CSF, PCI-DSS
Full Time
$140,000 - $160,000
Work from home available

Job Description

Our direct end client is working in a hybrid model (3 days in office, 2 days remote).

They are seeking candidates with experience in verifying and developing standards for the App Dev teams to build secure apps.

Key duties will be the assessment of the security of applications (commercial products and in-house developed) throughout their lifecycle, at the stages of requirements gathering, design, build, procurement and update, to ensure compliance, while enabling the business to meet the requirements of the information security technology architecture, strategy and baseline.

They will work with several App Dev and Product teams across various time zones (remote teams and local in Jersey City).

Must have:

  • Strong experience of reviewing the security of applications for alignment with security architecture, security policy, security standards and best practices.
  • Experience of web server, web application and API security and remediation. In-depth knowledge of OWASP Top-10 security risks and how to address them.
  • Experience of application risk assessment via threat modelling using STRIDE, OCTAVE, PASTA or similar framework, and of providing recommendations to mitigate threats and reduce risk.
  • CISSP, CASE, CASS, CLSSP, GIAC GWEB or similar certification required.
  • Working knowledge of multi-factor authentication and single sign-on mechanisms for applications.
  • Working knowledge of Amazon Web Services and Microsoft Azure cloud computing platforms.
  • Good general knowledge of core security networking concepts like TLS, SSH, DNS, firewalls.
  • Good general knowledge of enterprise software, containers, operating systems and server virtualization.
  • Experience of conducting product evaluations, proofs of concept, pilots and rollouts.
  • A proven ability to interface across a global organization with other teams, such as EIS Engineering and Security, Corporate Applications, Enterprise Applications, Internal Audit, agency CIOs, and agency security teams and compliance coordinators, etc.
  • An analytical demeanor and the ability to effectively communicate with individuals across all levels of the organization.
  • Excellent written and verbal communications skills.
  • Ability to adjust to changing priorities while multitasking effectively.
  • Working knowledge of compliance frameworks and security management standards (e.g., ISO 27001, COBIT, NIST CSF, PCI-DSS).
  • Working knowledge of best practices/standards (e.g., PCI DSS, HIPAA, State data breach laws) for implementing application-level data encryption.
  • Bachelor’s degree in Computer Science, Information Security and Risk Management, Information Systems, Engineering or related major.
  • Solid progressive experience working in Information Technology with at least some of that directly in Information Security.
  • Some experience in a security architect role with experience in reviewing and approving the security of applications.

Dice Id : 10447565
Position Id : SECNJ
Originally Posted : 2 months ago