Full-Time Application Security Architect Based in San Francisco, CA
The core responsibility of the Application Security Architect is to ensure our software engineering teams deliver applications that meet the security needs of our business, while continuing to meet quality, resiliency and scalability demands. This will be achieved through developing, socializing and tracking adherence to good design and coding standards, application and enhancement secure design reviews, ongoing improvement of automated security testing in our CI/CD pipeline, penetration testing (in partnership with Security Engineering and Compliance) and ensuring remediation steps for critical security findings are integrated into revised secure design and coding standards (closed loop controls).
In the Application Security Architect role, you will be responsible for developing the multi-year strategy for the organization’s application security tools, processes and standards. You will work with other architects and our software delivery teams to ensure all our applications are designed, implemented and deployed to meet the security requirements of our business.
This role reports to the Chief Information Security Officer.
* Develop security practices leveraging cutting edge technologies
* Implement best practices, standards and a road map for security-by-design
* Create policies, standards and procedures
* Train and mentor other Security and Technology team members
* Work with architects, principal engineers and compliance leaders to ensure we deliver and operate secure applications
* Review application and enhancement designs and code to ensure our teams are following security standards and best practices
* Select or design and deliver secure, re-usable application components, services and libraries
* Partner with a cross-functional group of subject matter experts to design and execute your strategy
* Have the opportunity to be hands-on, working side by side with our people to get things done
* Publish Build-To and review the As-Built documentation for current and new security and compliance related design concepts and standards.
* Provide insightful data to guide decision making and offer proactive solutions.
* Think and act strategically. Stay abreast of trends and advances in application and security solutions and monitor changes that affect information security and compliance.
* Research, design, and advocate new technologies, architectures, and security products that will support security requirements.
* Evaluate and recommend new and emerging security standards, products and technologies.
* You work well in a fast-paced, collaborative environment
* You have strong capabilities in authoring technical documentation including HLD/LLD/NIP
* You have the ability to convey complex technical security concepts to technical and non-technical audiences, including executives (required)
* Extensive knowledge of internet security issues
* Enthusiasm for the constant fight to ensure security and privacy on the internet
* Demonstrated ability to build and execute complex security designs and strategies to support secure and compliant architecture and software development, as applicable to both on-premise and cloud infrastructures
* Leadership characteristics as shown by a history of inspiring and motivating people to a common purpose at all levels within a company. Ability to gain immediate credibility at all levels both inside and outside the organization and develop lasting, productive and collaborative relationships
* Working knowledge of PCI-DSS regulatory issues and implementation best practice
* Knowledge of full-stack web application technologies
* Ethical hacker training and/or certification, or interest in learning ethical hacking preferred.
* Bachelor’s degree in Computer Sciences, Engineering, or related field or an equivalent combination of related education, training, and experience
* At least ten years progressive work experience in information security and technical fields
* Superior oral and written communication skills. Ability to exhibit a leadership presence when necessary
* Proficiency in multiple software engineering, UI and scripting languages
* Demonstrated knowledge of continuous delivery principles and tooling
* Experience in and commitment to agile software delivery principles and practices
* Strong critical and analytical thinking skills sufficient to solve complex design problems, troubleshoot issues, and specify critical controls to measure project and program success
* Knowledgeable in application security trends, products and tooling
* Knowledge of theory and principles of application architecture