We are seeking to add an Application Security Architect to our
growing managed security offering. This individual will utilize a
combination of business process analysis, technical process
analysis and technical expertise to develop enterprise
architectural security deliverables. This work analyzes the
relationships of the various IT components and business processes
to define approaches that provide significant value to our clients
by driving appropriate security strategies across these

This individual will be working closely with key client decision
makers and business leaders as well as varying levels of
technologists, requiring this individual to have solid communication
skills with all levels of an organization. Additionally, this
individual would be responsible for developing advanced enterprise
security ideas aligned with key industry standards that can guide
our security offerings into the future.

RESPONSIBILITIES
Build strong client relationships and
effectively influence staff at all levels of client
Advise senior client management on security risks.
Translate security risks to business impact.
Consult and facilitate delivery of Information Security
strategic goals and initiatives for clients
Assists in the evaluation of overall risk for IT systems
(including data), accounting for the people, processes, and
technologies that provide security controls
Architects, prioritizes, coordinates and communicates the choice
of security technologies necessary to ensure a highly secure yet
usable computing environment
Provide security architecture and advice in support of
application development, infrastructure, and enterprise technology
Coordinate with various project teams to communicate the
necessity of security requirements and design constraints.
Identify any gaps in existing application security
infrastructure to meet project requirements, work with the Client
Management to identify and roadmap solutions.
Perform code analysis, application security reviews, and develop
an application security training program.
Stays current with security technologies and makes
recommendations for use based on business value.
Maintains an expert knowledge in the field of Information
Security and the related issues, systems, processes, products, and
Provide training and mentoring to client and consulting

QUALIFICATIONS
Solid history of designing, developing, or
customizing application authentication and authorization
Understanding of the OWASP Top 10 application security risks and
how to address them.
Working knowledge of the Microsoft Security Development
Lifecycle (SDL), OWASP Software Assurance Maturity Model (SAMM),
or Building Security in Maturity Model (BSIMM).
Strong working knowledge of enterprise software technologies,
application security, and infrastructure.
Working knowledge of Microsoft Azure or other cloud computing
platform offerings and security related services.
Hands-on experience with encryption, hashing, secure random
number generation, key derivation, key management, digital
signatures, etc. in one or more major development languages.
Core understanding of web application security scanning software
and related penetration testing tools
General knowledge of core security networking concepts like TLS,
SSH, DNS, firewalls, etc.
Solid understanding of cloud architecture as well as on premise
General understanding of regulatory compliance and how it
relates to application security and privacy.
Applicable certification strongly preferred (e.g.,etc.) or
obtained within 6 months of employment
Strong communication skills, both written and verbal.
Ability to articulate technically advanced issues to all
Highly seasoned in organizational, time management, decision-making
and problem-solving skills
Ability to mentor and train internal and client teams.
Ability to work under pressure, establish priorities and respond

EXPERIENCE/EDUCATION
Bachelor's degree preferred.
4+ years of advanced security experience.
Minimum of 10 years application development experience, ideally
within the Microsoft development stack.
Applicable certification strongly desired (CISSP, CISSP-ISSAP,
CEH, etc.) or obtained within 6 months of employment.
The most important criterion is a strong desire to be part of a high
performing team, providing quality solutions and experiences for