Application Security Architect

Role: Application Security Architect This role is responsible for architecting, designing security controls for applications. The successful candidate will lead efforts to establish and improve secure Software development lifecycle (SDLC) activities and identify tools to integrate into the development process to assess the security of applications. When appropriate, this role will define test plan, perform manual security testing of application components, like APIs to ensure they meet all applicable application security standards,. When security flaws/vulnerabilities are identified this role will work with development teams, offer technical expertise to fix identified issue. You will also lead efforts to create an appropriate application security standard based on industry benchmarks such as OWASP,SANS etc,Typical DayAct as application security expert, liaison for BU and other relevant team members with cybersecurity teams. Be a leader to drive large scale application security requirements. Review application services from a security standpoint, create security baseline controls, conduct code reviews, software composition analysis (SCA) as required. Create test criteria relevant to security controls defined, prepare test plans and guide junior team members to test the services – APIs, Custom-developed applications.Develop and execute project plans to ensure enterprise cybersecurity initiatives are delivered as per schedule. Work with business/IT leaders to plan the project, communicate the project status. Develop metrics and dashboards to provide visibility to cybersecurity risks for IT and business partner organizations. Required technical skills: MUST have good understanding of application security standards, secure coding practicesHands-on experience in multiple application development technologies such as java,.Net, Ruby, python etc.,Good knowledge of customizing security frameworksUnderstanding of engineering applications, infrastructure and software development processKnowledge of securing web applications and interfaces against common vulnerabilities Experience in performing code reviews, security scans, applying patches, remediating vulnerabilities and code reviewsDeep understanding of docker, Kubernetes, Micro service , SaaS, PaaS, On-prem Client-server architecture and web technologiesExperience in supporting Agile teamsHands-on experience in JIRA or similar platformsExperience defining and executing a Secure Software Development LifecycleKnowledge of securing applications using SAML and OAuthKnowledge of commonly used DAST and SAST tools for testing security vulnerabilitiesWorking knowledge Common Vulnerability Scoring System (CVSS)Understanding of Open Web Application Security Project (OWASP) Security FrameworkExperienced with security testing methodologies – Vulnerability assessment and Penetration Testing Soft Skills Required:Good communicator with sound understanding of software release cycle.Able to lead a team of application security experts.Collaborate with other technical experts and business partners to explain the risk/gap and discuss recommendations to secure the application/API.Able to communicate with peers and leaders in a verbal or written manner that is professional and concise.Ability to manage small/medium projects with relation to risk mitigation and rolling out security initiatives across the division.Add/build additional capacity and Appsec capabilities as required.Tool exposure:Experience in DAST and SAST tools such as WebInspect, Acunetix, Burp Suite Pro, AppScan, Netsparker, HP Fortify, Checkmarx, Qualys, Rapid7, etcExperience in Jira, ConfluencePreferred certifications: OWASP CertifiedEducation:Bachelor's degree in computer science or equivalent. 10-14 years’ experience required.