Application Security Architect

Role : Application Security Architect

This role is responsible for architecting, designing security controls for applications. The successful candidate will lead efforts to establish and improve secure Software development lifecycle (SDLC) activities and identify tools to integrate into the development process to assess the security of applications. When appropriate, this role will define test plan, perform manual security testing of application components, like APIs to ensure they meet all applicable application security standards,. When security flaws / vulnerabilities are identified this role will work with development teams, offer technical expertise to fix identified issue. You will also lead efforts to create an appropriate application security standard based on industry benchmarks such as OWASP,SANS etc,

Typical Day

Act as application security expert, liaison for BU and other relevant team members with cybersecurity teams. Be a leader to drive large scale application security requirements. Review application services from a security standpoint, create security baseline controls, conduct code reviews, software composition analysis (SCA) as required. Create test criteria relevant to security controls defined, prepare test plans and guide junior team members to test the services – APIs, Custom-developed applications.

Develop and execute project plans to ensure enterprise cybersecurity initiatives are delivered as per schedule. Work with business / IT leaders to plan the project, communicate the project status. Develop metrics and dashboards to provide visibility to cybersecurity risks for IT and business partner organizations.

Required technical skills :

• MUST have good understanding of application security standards, secure coding practices
• Hands-on experience in multiple application development technologies such as java,.Net, Ruby, python etc.,
• Good knowledge of customizing security frameworks
• Understanding of engineering applications, infrastructure and software development process
• Knowledge of securing web applications and interfaces against common vulnerabilities
• Experience in performing code reviews, security scans, applying patches, remediating vulnerabilities and code reviews
• Deep understanding of docker, Kubernetes, Micro service , SaaS, PaaS, On-prem Client-server architecture and web technologies
• Experience in supporting Agile teams
• Hands-on experience in JIRA or similar platforms
• Experience defining and executing a Secure Software Development Lifecycle
• Knowledge of securing applications using SAML and OAuth
• Knowledge of commonly used DAST and SAST tools for testing security vulnerabilities
• Working knowledge Common Vulnerability Scoring System (CVSS)
• Understanding of Open Web Application Security Project (OWASP) Security Framework
• Experienced with security testing methodologies – Vulnerability assessment and Penetration Testing

Soft Skills Required :

Tool exposure :

Experience in DAST and SAST tools such as WebInspect, Acunetix, Burp Suite Pro, AppScan, Netsparker, HP Fortify, Checkmarx, Qualys, Rapid7, etc

Experience in Jira, Confluence

Preferred certifications :

Education :