Application Security Architect

Enterprise Level Application Security Design, Identity/Access Management, Firewalls, Testing, Vulnerability Management, Compliance, Programming/Software Development Experience
Full Time, C2H W2
Market
Telecommuting not available Travel not required

Job Description

NO CORP-CORP/3RD PARTY CANDIDATES. CLIENT DIRECT HIRE OR W2 CONTRACT TO HIRE. 

Role:

  • Join cyber security team in building a collaborative working relationship with corporate information security and risk, client IT services, enterprise application services, business unit application development and information security teams, and others to develop, promote, and implement sound application security strategies across client.
  • Serve as primary resource for business units and functions not having internal application security resources, and as a consultative resource for business units and functions having internal application security resources.
  • Determine application security requirements by assessing and evaluating business strategies and requirements against established client security standards, risk assessment methodology, and client requirements.
  • Research information security standards; conducts application security and vulnerability analyses and risk assessments; researches threats and attack vectors that impact applications.
  • Perform reviews to identify potential security gaps within the integrated systems of application components, data access dynamics and transaction flow.
  • Plan, coordinate, and provide leadership design, integration, development, validation and implementation of specific security policies, systems and services.
  • Mentor client IT Services Cyber Security team and other IT staff members to enhance their knowledge of information security concepts, practices, tools, strategies and to improve the overall effectiveness of the information security program at client.
  • Coordinate with client IT Services technical training team and/or independently implements and manages training programs for developers on secure code development practices.
  • Ensure application security program aligns with industry frameworks such as the NIST Cyber Security Framework, ISO27001, FFIEC Cyber Security Framework, PCI, and others as applicable.
  • Lead security design and application architectural reviews. 
  • Maintain documentation related to application security including the development of secure coding policies, procedures and standards, and ensures the Software Development Life Cycle (SDLC) used in client entities includes necessary security checkpoints, code review methodologies, etc.
  • Collaborate with the client IT Services Cyber Security team and business unit application security teams.
  • Participate with incident response teams as a subject matter expert on application security.

 Qualifications:

  • Minimum of 5+ years in the following security functional areas including application security, authentication and authorization, identity and access management, dynamic application security testing, static application security testing, middleware security, data security, and/or vulnerability management.
  • 7-10 years development/engineering experience using programming and scripting languages like .NET, C, C#, Perl, Python, Ruby, Java, SAML, web services APIs.
  • Expertise in mitigating and addressing technology or application threat vectors.
  • Experience with web application firewalls, reverse proxies, and application security architecture.
  • Solid knowledge and understanding of securing all major web server environments and cloud platforms based on OWASP top ten recommendations
  • Knowledge of regulatory and statutory compliance requirements across industries.
  • An Information Security and/or Web application security certification; e.g., SANS GWEB or GWAPT, CSSLP.
  • Must have superior communication (oral, written, presentation) and customer service skills.

 Desired: 

  • Experience in developing design and architecture documents that are easily consumed and followed by SDLC teams.
  • Expertise in building a defense in depth infrastructure security architecture that includes security controls across multiple technology stacks.
  • Experience and knowledge of security/access control administration best practices associated with applications, servers and networks associated with Microsoft Active Directory, ADFS, SAML
  • Knowledge of Information Security compliance requirements including ISO 27001, NIST, PCI, HIPAA and GDPR.
  • Bachelor’s degree from a four-year college or university or equivalent.

Posted By

Scott Baldwin

16090 Swingley Ridge Road, Suite 330 Saint Louis, MO, 63017

Contact
Dice Id : 10109872
Position Id : SBMZSECASTL
Have a Job? Post it

Similar Positions

Technical Security Specialist
  • Denken Solutions
  • Lake St Louis, MO
Lead Information Security Engineer
  • SBS Creatix, LLC
  • Saint Louis, MO
Cyber Security Engineer
  • ManTech International
  • Missouri, MO
Senior Security Analyst - PCI-DSS
  • UTG
  • Saint Louis, MO
Palo Alto Security Engineer
  • Leidos
  • St. Louis, MO
IT Security Risk Assessor
  • BJC Healthcare
  • Saint Louis, MO