Description
You will be responsible for designing, implementing, and maintaining the security architecture of our company's core business applications. You should have at least 10 years of experience in application security architecture, delivering expertise in threat modeling, application security testing, secure SDLC, AWS cloud, and financial industry security standards and compliance.
Job responsibilities
- Leading the design and implementation of automated security tools throughout the product pipeline
- Partnering with the product team to drive a shift-left security strategy that prevents vulnerabilities in products early in the development phase of the SDLC
- Perform threat modeling and risk assessments to identify potential vulnerabilities and develop mitigation strategies
- Conduct continuous application security testing, guide security champions and the dev team, and coordinate remediation efforts
- Responsible for analyzing security of applications and services, identifying risks and compliance gaps, continuously seeking to improve compliance with established standards
- High-level understanding of the application and network zero-trust journey
- Advancing a culture of security by creating and sharing the vision through presentations, effective influence, and leveraging management support as needed.
Required qualifications, capabilities, and skills
- 9 to 10 years of relevant experience in application and cloud security with secure SDLC, working with distributed enterprise applications.
- In-depth knowledge of security controls and testing techniques for each phase of the SDLC, including planning, design, development, testing, and deployment
- Establishing vulnerability triage meetings with development teams to guide remediation of SAST, SCA, DAST, IAST vulnerabilities
- Extensive knowledge of threat modeling methodologies and experience conducting threat modeling exercises for applications
- Knowledge of core application security principles, common security vulnerability classes, their root causes and mitigations
- Proven knowledge of designing and implementing AWS cloud security controls and services
- Build security metrics to track the effectiveness of our security excellence programs
Preferred qualifications, capabilities and skills
- Understanding of Secure Software Supply Chain principles and practices such as software Bill of Materials (BoM), vulnerability scanning of software dependencies, and third-party risk management
- Demonstrated experience in managing multiple project initiatives and research engagements
- Experience with financial industry compliance frameworks such as ISO 27001 and the NIST Cybersecurity Framework
- Ability to conduct security assessments and audits to ensure compliance with security standards and regulations. Relevant security certifications such as CISSP, CCSP, or AWS certifications are a plus.