Principal Architect - Application Cybersecurity (Remote)

About the position

Responsibilities

• Leads architecture design evaluations and threat modelling of our products (cloud and on-prem).
• Recommends and implements products/services that support operational needs and security requirements.
• Technical point of contact for product teams as it relates to automation, CI/CD, and remediation guidance.
• Assist in leading the design, development, and implementation of security tools, best practices and standards and ensure product development teams understand them.
• Perform code analysis of applications, manually and using SAST, DAST, and SCA scanning solutions as well as conducting manual vulnerability analysis.
• Promotes and contributes to the continuous improvement of security strategy and supports risk prioritization.
• Helps train and support team members.
• Leads the improvement of the accessibility of security through automation, continuous integration pipelines, and other means.
• Educate and mentor junior team members.
• Ensures program(s) is meeting intended purpose and metrics.

Requirements

• Bachelor's degree in STEM, Computer Science.
• Minimum of 7 years of experience in related field.
• Expert knowledge of OWASP Top 10.
• Proficiency in threat modeling.
• Expert knowledge of risk management methodologies and processes.
• Expert knowledge in DevSecOps (e.g., CI/CD, IaC, PaC, CaC).
• Proficiency with security automation tooling and methods (e.g., TerraForm, Ansible, containerization, SBOM).
• Proficiency with application testing (e.g., SAST, DAST, MAST, Pen Test tooling).
• Proficiency with scripting (e.g., PowerShell, Python, Perl, Bash).
• Proficiency with programming languages (e.g., Python, Java, .Net) and modern programming language structure (e.g., Object Oriented Programming, web framework).
• Proficiency with CI/CD technology stacks (e.g AWS, Harness, TeamCity, GitHub, Artifactory, CHEF, CloudWatch).
• Proficiency with Software Development Lifecycle processes.
• Proficiency with web and app security stack (e.g., API security).
• Proficiency with vulnerability management processes and providing remediation guidance.
• Proficiency in the understanding of compliance frameworks (e.g., NIST 800-53, OWASP frameworks) and processes.
• Proficiency in cryptography.
• Proficient knowledge of IAM (i.e., authentication and authorization).
• Proficient understanding of networks and network security (e.g., WAF, Micro-segmentation).
• Proficient in risk management methodologies.
• Proficient in cloud technologies.
• Ability to work independently and self-motivate.
• Excellent problem solving, critical thinking, interpersonal, collaboration, written and verbal communication skills.
• Certified Information Systems Security Professional (CISSP), or equivalent.
• Must be legally authorized to work in the United States for any employer without sponsorship.
• Successful completion of interview required to meet job qualification.
• Reliable, punctual attendance is an essential function of the position.

Nice-to-haves

• Master's degree.
• Certified Ethical Hacker (CEH).
• GIAC Security Essentials (GSEC).
• Certified Information Security Manager (CISM).
• Comp TIA Security +.
• Certified Secure Software Lifecycle Professional (CSSLP).
• Certified Information Systems Auditor (CISA).
• Systems Security Certified Practitioner (SSCP).
• CompTIA Advanced Security Practitioner (CASP+).
• Offensive Security Certified Professional (OSCP).
• Minimum of 12 years of experience in related field, including any combination of the following: threat modeling, secure coding, mobile and API security, identity management and authentication, software design and development, cryptography, system administration and network security, cloud computing.
• Proficiency with application penetration testing to demonstrate and test exploitability of vulnerabilities.
• Proficiency in waterfall and agile development processes and ability to integrate secure development practices into both models.
• Success in implementing effective Secure SDLC frameworks across a large corporation.
• Proficient knowledge of cloud security infrastructure technologies (e.g., containerization, service mesh, micro-services).
• Proficient in LLM/GenAI technologies.
• Proficient in mobile development technologies.

Benefits

• Medical, dental, vision, life, accident & disability insurance.
• Parental leave.
• Employee assistance program.
• Commuter benefits.
• Paid holidays.
• Paid time off.
• 401(k) plan.
• Flight privileges.

Apply tot his job Apply To this Job