Enterprise Security Architect - Application Coding

Job ID: 2519199
Location: Chicago, IL
Category: Information Technology, Telecommunications
Salary: $150,000.00 per year
Zip Code: 60601
Employment Type: Full time
Posted: 12.07.2018

Job Description:

Enterprise Security Architect

Salary: 120-150K + 15% bonus

Location: Chicago

Looking for a candidate with an application coding background (C#, Java, C++, etc.) who then moved into security. Need someone who understands application security and can function as an architect coming up with solutions.

The Architecture team will advocate, design, and help drive implementation of processes and technology relating to risk and access control across the Enterprise organization. It collaborates with the Information Risk group and Audit Group to identify and prioritize risk issues, technology audits, and compliance issues. The Security Architecture team owns security assessments, Security Policies and Standards, and the Security Risk Management Program.

Responsibilities

  • Participate in defining and maintaining the security strategy for Application Security
  • Participate in providing information risk management consulting to the enterprise. Conduct risk assessments of new and existing technologies, primarily related to application security.
  • Participate in providing strategic technical architectures (current state, reference, transition) for the enterprise, which are used to guide subsequent solution, infrastructure, and application architectures
  • Recognize, identify, and address potential areas where existing security policies and procedures require change, or where new ones need to be developed, especially regarding future business expansion.
  • Work in partnership with application development resources to embed security into applications. Participate in establishing an inter-departmental DevSecOps culture to enable continuous security enhancements and new feature releases into the product design.
  • Participate in development of application security threat models, and apply them to identify and respond to threats. Work with the owners and teams to identify and arrange for deployment of appropriate compensating controls to address vulnerabilities, security gaps, and risks.
  • Participate in application and software development design reviews, code assessments, and development life cycle planning
  • Evaluate and recommend product concepts & IT project requests to ensure adherence to security standards, particularly related to application security functions. This includes internal, third party, and cloud-based solutions.
  • Perform or contribute to security testing of systems.

Experience and Educational Requirements

  • College degree in related technical/business areas preferred
  • 3+ years relevant work experience preferred
  • Experience with or exposure to building security into the SDLC, DevSecOps, and secure coding
  • Prior development experience is a plus
  • Experience with Automated and Manual Secure Code Assessments
  • Experience with Mobile application security
  • Experience with several of the following: Java, PHP, Python, C/C++/C#, Node.JS, .NET, Perl, common database technologies
  • Experience with dynamic application security testing
  • Penetration Testing experience is a plus
  • Professional Certification such as CISSP, CISM, SCF, GPEN, CEH, CPT, CCSK is a plus
  • Knowledge of application security technologies: code scanners (static and dynamic), application firewalls, vulnerability scanners
  • Knowledge of Identity and access technologies: AD/LDAP, Identity Management (IdM), industry standard authentication solutions (SAML, OAuth, OpenID, identity provider & service provider oriented platforms)
  • Knowledge of Industry Standards: ISO 17799/27001, CIS Critical Security Controls, NIST Publications, and other Industry Related Security Standards
  • Knowledge of Industry Regulations: Payment Card Industry (PCI), CPNI, SOX
  • Knowledge of Frameworks: ITIL, COBIT, NIST CSF
  • Knowledge of Cloud
Company Info
Request Technology - Robyn Honquest