Lead Application Security Architect
Leap Staffing Agency
- Atlanta, GA, United States
In this mission critical role as Lead Application Security Architect, you will serve as the AppSec Technical Lead for our client. You will be part of a dynamic global application security team, working directly with software architects and software engineers to lead, establish, enable, and improve the security of the software solutions developed within the company.
As NCR pushes forward as a software-focused company, you’ll work in a fast-paced environment, helping enable teams to work in a DevSecOps model in a world of containers, automated pipelines, and rapid deployments. And you’ll be instrumental in leading the implementation to secure applications and services in a cloud environment. NCR produces hardware and software for major companies in Retail, Hospitality, and Financial Services – come help secure the state-of-the-art!
- Collaborate with engineers, consultants and leadership to address security risks and provide mitigation recommendations within the Secure Development Lifecycle (SDLC).
- Aligning the SDLC to industry standards, including Microsoft SDL, OWASP development guides, and PII related topics such as GDPR and CCPA.
- Perform proof-of-concept and proof-of-technology testing for integrating new 3rd party security products into the development and deployment processes.
- Perform threat modeling, design reviews and code reviews as part of the development lifecycle.
- Design and deploy state-of-art technology to meet the business needs and interface with business units regarding technical planning and application security topics.
- Perform security architecture and design reviews of systems and applications developed in NCR.
- Perform validation of security controls to insure adherence with compliance and industry best practices.
- Perform hands on security testing of products and services to proactively discover risk and track them to resolution.
- Consulting product teams on how to architect and implement PCI & FFIEC compliant solutions and ensuring audit compliance.
- Understand, balance and communicate business risk with security risk.
- Ability to understand business requirements and apply security without adversely affecting the desired functionality.
- High level of personal integrity, with the ability to professionally handle confidential matters, and reflect appropriate level of judgment as it pertains to security.
- Leading includes keeping better communication with other engineers, consultants and leadership in order to conduct other job duties in the above as a team.
Required Skills and Experience:
- Bachelor’s degree in Computer Science, Information Security/Cyber Security or equivalent.
- 5+ years’ previous experience in information security.
- 5+ years’ experience working within software development.
- 3+ years’ experience implementing PCI compliant solutions.
- Excellent written and oral communication skills, as well as interpersonal skills including the ability to articulate to both technical and non-technical audiences.
- Firm understanding of enterprise class application architectures that are highly scalable and reliable and the ability to secure them.
- Experience with containers and Kubernetes.
- Experience with GCP, Azure, and AWS technologies.
- Experience with security architecture and design reviews.
- Experience with multiple languages such as Java, .Net, and Node.js etc. and understand how to detect and remedy related security issues such as OWASP top 10.
Preferred Skills and Experience:
- Excellent analytical, evaluative, and problem-solving abilities.
- Experience with Security tooling: Coverity, AppSpider, Seeker, AquaSec.
- Experience with securing host, database, and application solutions for multi-tier systems.
- Experience with Penetration Testing.
- Experience implementing PCI & FFIEC compliant solutions and ensuring audit compliance.
- Knowledge of automated attack tools and developing mitigation techniques.
- Hacker mindset and always strives to think like an attacker.
- Technical certifications within information security are a plus (CISSP, CCSP, GIAC or equivalents).
- Active participation in cybersecurity forums/conventions (e.g. DEFCON, BlackHat) public speaking is a plus.
Saturday, January 11, 2020