Senior Application Security Architect

Required Experience: 

• This position requires a strong knowledge of application security architecture and software development, with a focus on automation, integrating security within the CI/CD pipeline, and DevOps toolchain

• Strong understanding of Application Security Verification Standard (ASVS), OWASP Top Ten, and other best practices

• Familiarity with attestation process

• Understanding of Integrated Development Environment (IDE) and Continuous Integration / Continuous Delivery (CI/CD) Pipeline tools and processes (e.g. Azure DevOps, Jenkins, Bamboo, etc.)

• Strong working knowledge of Secure Software Development

  • Understanding of automated security testing approaches and tools

  • Experience in building and operating security within CI/CD pipelines

  • Experience with proactive integration of security into the development process

• Experience with public cloud infrastructure (AWS or Azure) and cloud security fundamentals including container-based technologies, infrastructure as code, Git-based source control repositories, pipelines, and common open source toolsets

• Experience in software engineering and software development, including Web applications and technologies

• Experience with automation templates to build security-as-code using terraform, ansible, salt, chef, etc. 

• Excellent written and verbal communication skills

Preferred Experience: 

• Knowledge of secure coding practices and the ability to conduct security assessments and analysis 

• Experience with application security scanning and testing tools (Checkmarx, Contrast, Veracode, Netsparker, and similar)

• Knowledge of threat modeling and risk assessment techniques

• AWS Certifications

Educational & Professional Credentials:

• Bachelor’s degree in a relevant discipline or equivalent experience

• 3-5 years of security engineering or software development experience