Application Security Architect
Start a Rewarding Career with Alliant
What will your day look like?
The Application Security Architect is a position of technical expertise, influence, and leadership within the Information Security team. The Application Security Architect is a deeply technical security expert who guides Alliant and its development organizations in establishing sound secure development practices.
The incumbent will lead efforts to establish and improve secure SDLC activities and identify tools to integrate into the Agile development process to aid in evaluating the security of the applications. When appropriate, the incumbent will perform manual security testing of application components, such as APIs, to ensure they are hardened against exploitation. When security flaws or vulnerabilities are identified, the Application Security Architect will follow the established processes to document and track them and work with development teams to ensure remediation. Responsibilities include leading efforts to create an appropriate application security testing plan based on the features and changes scoped in for each new update (release) of the applications. General direction is received from the Sr. Manager, Application Security.
Responsibilities
Do you see yourself doing this?
- Help lead the Secure DevOps application security program at Alliant by building, executing, and documenting a Secure Software Development Lifecycle
- Use and maintain SAST/DAST tools, including upgrades and reconfiguration, drawing on knowledge of vulnerabilities and experience integrating these tools with build servers, bug tracking and ticketing solutions
- Provide application security insight and implement security best practices across software development, IoT platforms, mobile applications, user interface design frameworks, high-performance messaging solutions and cloud-based solutions
- Serve as the subject matter expert (SME) in securing both web and mobile applications against common issues (including the OWASP Top 10), to include:
  - Knowledge of Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) and of remediation recommendations
  - Familiarity with vulnerabilities and attack methods, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), SQL Injection (SQLi), etc., and how to identify, trace and remediate these vulnerabilities
- Determine security requirements from business needs: apply information security standards, conduct system security and vulnerability analyses and risk assessments, study the architecture/platform, identify integration issues, and prepare cost estimates
- Work with the corporate security governance team to comply with internal SLAs and policies
- Research security technologies and maintain knowledge of current and emerging technologies, products and trends related to security architecture solutions
Qualifications
What makes you a great fit?
You’ll be a great fit if, in addition to a Bachelor's degree from an accredited college (or an equivalent combination of education and experience), you have:
- 5-7+ years in application security (1-2+ prior years in software development preferred)
- Advanced written and oral communication skills, with the ability to give a program overview to senior-level leadership and clients
- Able to build and manage a professional development and training program for Application Security Engineers and Architects
- Technical knowledge and experience performing code reviews / reviewing results of static analysis tools (preferred)
- Foundational knowledge of NIST SP 800-53 and the NIST Cybersecurity Framework (CSF)
- Experience building out and operating a Secure DevOps program
- Experience working with common commercial and open-source dynamic and static application security testing (DAST/SAST) solutions
- Extensive enterprise development experience in Java and/or .NET (preferred)
- Proven understanding of enterprise architectures and best practices for high-volume, high-availability web and mobile apps
- At least one of the following certifications: GCIH, GPEN, OSCP, GREM, CISSP, CISA, CISM, or another incident response certification
- Ability to travel (less than 20%)
When you’re happy, we’re happy!
As a thank you for joining our team, you’ll benefit from:
- Competitive medical, dental, and free vision benefits
- Competitive compensation plan
- Contributions towards gym memberships
- Generous PTO and banking holidays off