Application Security Architect

Role: Application Security Architect This role is responsible for architecting, designing security controls for applications. The successful candidate will lead efforts to establish and improve secure Software development lifecycle (SDLC) activities and identify tools to integrate into the development process to assess the security of applications. When appropriate, this role will define test plan, perform manual security testing of application components, like APIs to ensure they meet all applicable application security standards,. When security flaws/vulnerabilities are identified this role will work with development teams, offer technical expertise to fix identified issue. You will also lead efforts to create an appropriate application security standard based on industry benchmarks such as OWASP,SANS etc, Typical Day Act as application security expert, liaison for BU and other relevant team members with cybersecurity teams. Be a leader to drive large scale application security requirements. Review application services from a security standpoint, create security baseline controls, conduct code reviews, software composition analysis (SCA) as required. Create test criteria relevant to security controls defined, prepare test plans and guide junior team members to test the services – APIs, Custom-developed applications. Develop and execute project plans to ensure enterprise cybersecurity initiatives are delivered as per schedule. Work with business/IT leaders to plan the project, communicate the project status. Develop metrics and dashboards to provide visibility to cybersecurity risks for IT and business partner organizations. Required technical skills : MUST have good understanding of application security standards, secure coding practices Hands-on experience in multiple application development technologies such as java,.Net, Ruby, python etc., Good knowledge of customizing security frameworks Understanding of engineering applications, infrastructure and software development process Knowledge of securing web applications and interfaces against common vulnerabilities Experience in performing code reviews, security scans, applying patches, remediating vulnerabilities and code reviews Deep understanding of docker, Kubernetes, Micro service , SaaS, PaaS, On-prem Client-server architecture and web technologies Experience in supporting Agile teams Hands-on experience in JIRA or similar platforms Experience defining and executing a Secure Software Development Lifecycle Knowledge of securing applications using SAML and OAuth Knowledge of commonly used DAST and SAST tools for testing security vulnerabilities Working knowledge Common Vulnerability Scoring System (CVSS) Understanding of Open Web Application Security Project (OWASP) Security Framework Experienced with security testing methodologies – Vulnerability assessment and Penetration Testing Soft Skills Required: Good communicator with sound understanding of software release cycle. Able to lead a team of application security experts. Collaborate with other technical experts and business partners to explain the risk/gap and discuss recommendations to secure the application/API. Able to communicate with peers and leaders in a verbal or written manner that is professional and concise. Ability to manage small/medium projects with relation to risk mitigation and rolling out security initiatives across the division. Add/build additional capacity and Appsec capabilities as required. Tool exposure: Experience in DAST and SAST tools such as WebInspect, Acunetix, Burp Suite Pro, AppScan, Netsparker, HP Fortify, Checkmarx, Qualys, Rapid7, etc Experience in Jira, Confluence Preferred certifications : OWASP Certified Education: Bachelor's degree in computer science or equivalent. 10-14 years’ experience required.