The Security Architect is a key technical leadership role within the DevSecOps function, responsible for implementing secure modern business solutions supporting Cloud, Mobile, Social, Integration, and Data solutions. The individual will participate as a technical expert supporting secure applications throughout the software development life cycle. The specific responsibilities will vary from project to project, providing excitement and variety, but also requiring the flexibility and adaptability to learn and acquire new skills in support of leading-edge technologies.
The candidate will work closely with the Information Security Office, Enterprise Architecture team, Business Architects, Data Architects, and delivery team members across the organization to leverage their expertise and ensure project solutions are in alignment with overall business and technology strategies.
• Provides architectural leadership in shaping strategic application security technology programs for the Application Security Team under the ISO organization
• Participates in the planning and design of security systems by evaluating and applying application security frameworks and technologies. Develops and implements the security requirements and standards for the SDLC
• Experience with multiple Application Security Tools (SAST, DAST, IAST, MAST) and the integration into the SDLC via CI Automation and Integration
• Assists in determining security requirements by evaluating business strategies and requirements; researches information security standards; conducts system security and vulnerability analyses and risk assessments; studies application architecture/platform; identifies integration issues.
• Experience with modern application packaging, deployment, containerization, bug tracking tools and other supporting tools (Jenkins, Maven, Docker, Kubernetes, Jira, etc.)
• Experience with modern source code management and software repository systems (Git/GitHub, Bitbucket, VSTS, etc.)
• Experience with securing applications specifically for AWS or Azure Cloud hosting environments
• Verifies application code security by monitoring and ensuring compliance with standards, policies, and procedures. Conducts incident response analyses; develops and conducts training programs.
• Upgrades security systems by monitoring security environment; identifies security gaps; evaluates and implements enhancements. Prepares system security reports by collecting, analyzing, and summarizing data and trends.
• Updates job knowledge by tracking and understanding emerging security practices and standards; participates in educational opportunities; reads professional publications. Maintains personal networks and participates in professional organizations. Enhances department and organization reputation by accepting ownership for accomplishing new and different requests; explores opportunities to add value to job accomplishments. Communicates complicated technical concepts effectively to a broad group of stakeholders.
• Establishes relationships with IT leaders and Department Heads, architects, and technical specialists. Utilizes a general understanding of the competitive landscape and corporate and business unit strategies to provide context for security architectural decision making
• Experience implementing vulnerability remediation. Maintains domain architecture and roadmaps and their alignment with the technology roadmap.
• Enhances security team accomplishments and competence by planning delivery of solutions; conducting the Security Architecture Review process; answering technical and procedural questions for less experienced team members; and teaching improved processes.
• The ability to work independently as well as perform as part of a team
• Excellent communication, time management and organizational skills
• A motivated, enthusiastic and flexible approach to work in an ever-changing environment
• Can demonstrate strong performance ethos and deliver outstanding customer service
• Ability to interface with both technical and non-technical application owners to discuss their vulnerabilities
• Must be a key player within the team enhancing the skillset of all team members
Qualifications & Experience
• Should be educated to degree level in Computer Science, Information Security or equivalent.
• Industry-accepted certifications (Architecture and Security Focused), or a willingness to acquire
• Minimum 15 years’ experience working in building solutions and applications across multiple technology areas
• Minimum 5 years’ experience in application security.
• The role may involve some travel to the USA