Senior Application Security Architect

Overview

Full Time
Part Time
Accepts corp to corp applications
Contract - Independent
Contract - W2

Skills

Workflow
Collaboration
Software Development
Security Controls
Continuous Delivery
Jenkins
GitLab
Continuous Integration
GitHub
Lifecycle Management
Orchestration
Docker
Kubernetes
Terraform
Ansible
Software Security
Testing
Cloud Computing
Amazon Web Services
Google Cloud Platform
Google Cloud
OWASP
Threat Modeling
Risk Assessment
Vulnerability Scanning
Reporting
Scripting
Python
Bash
Windows PowerShell
Regulatory Compliance
ISO/IEC 27001:2005
System On A Chip
CISSP
Cisco Certifications
Microsoft Azure
OCP
DevOps

Job Details

  • Assess the architecture, controls, processes and deployments of secure CI/CD pipelines
  • Assess current integrations of security controls and automation in the development workflows
  • Collaborate with development, operations, and security teams to understand the security best practices and compliance standards
  • Review the adoption of secure coding practices and their effectiveness
  • Evaluate potential options for automating security checks, integrating security tools and controls, and ensuring security throughout the development lifecycle
  • Strategize and develop plans to modernize pipelines and remove manual processes

Required Skills & Qualifications

  • Proven experience in integrating security into DevOps pipelines, ensuring continuous security throughout the software development lifecycle
  • Expertise in cloud technologies, automation tools, security controls, and a strong understanding of security frameworks and compliance standards
  • Proven experience working with development, operations, and security teams to integrate security practices into the development lifecycle
  • Strong understanding of CI/CD tools (e.g., Jenkins, GitLab CI, GitHub Actions, Azure DevOps).
  • Working knowledge in branching strategy and development lifecycle management.
  • Expertise in containerization and orchestration (e.g., Docker, Kubernetes).
  • Proficiency in infrastructure as code (IaC) tools (e.g., Terraform, Ansible, CloudFormation) or Azure Resource Manger templates
  • Skilled in using Checkmarx for static application security testing (SAST) and Invicti for dynamic application security testing (DAST) to identify and remediate vulnerabilities in code
  • Experience with cloud platforms (OCP, Azure, AWS/ Google Cloud Platform) and their security services and best practices
  • Strong understanding of secure development lifecycle framework, secure code practice and OWASP Top10 vulnerabilities and remediation
  • Capable of conducting threat modelling and risk assessment to identify potential vulnerabilities
  • Experience in automating security processes and controls, including vulnerability scanning, remediation and compliance reporting
  • Good knowledge of scripting skills (e.g., Python, Bash, PowerShell)
  • Familiarity with compliance frameworks (e.g., NIST, ISO 27001, SOC 2)

Preferred Qualifications

  • Certifications: CISSP, CCSP, or equivalent. Azure, OCP certification (Security and Devops)


Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.