Experience:
5+ years of experience
Concerned about your lack of experience? Learn More...
Employment Type:
Full time
Posted:
8/21/2017
Job Category:
Information Services
Industry:
Other
Senior Application Security Architect
(This job is no longer available)
ESG Consulting | Atlanta, GA
loading
loading
School
Major
Grad Date
 
 

Not sure what types of jobs you are interested in?


Explore Jobs
Based on Your Education

Follow This Company
Share

Job Description

Senior Application Security Architect

Job Description:

The Senior Application Security Architect will consult with all relevant Information Technology (IT) teams on all matters relating to Application Security and will be responsible for the development, maintenance and continuous monitoring of application security architecture related controls.

This role is focused on people, process and technology to ensure Secure Software Development Life Cycle (SDLC) for a fast-paced IT application support and infrastructure teams.

The role requires a solid understanding of application security principles, best practices and a background working in a secure application development and coding environment within an enterprise.

Job Tasks:

  • Build a very close working relationship with the Office of Infrastructure and the Office of Application Support under the Department of Information Technology (IT).
  • Provide strong information security leadership and cross-functional/stakeholder communications.
  • Develop and maintain up to date documentation related to Application Security including the development of secure coding policies, procedures and standards to ensure effective and efficient Secure Software Development Life Cycle (SDLC) processes, to include necessary information security checkpoints, code review (Whitebox) methodologies, etc.
  • Manage training programs on secure code development best practices for developers.
  • Identify information security requirements by evaluating business strategies and requirements; researching information security standards; conducting vulnerability and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
  • Plan and coordinate with internal teams on the design, integration, development, validation and implementation of specific policies, procedures and standards.
  • Serve as Advisor to Office of Infrastructure and the Office of Application Support on:
    • Evaluation of new security trends and technologies
    • Assessment and acquisition of application security tools and technologies
    • Vulnerability and penetration testing and gap remediation workflows
    • Network and End-point forensics
    • Incident response workflows
    • Audit compliance reporting
    • Data loss prevention
  • Attend design and application architectural reviews and actively lead discussions from an information security standpoint.
  • Participate an information security subject matter expert in the incident response program.

Minimum Experience & Qualifications:

  • Minimum of 5 years in the following information security functional areas:
    • Web and Mobile Application Security
    • Dynamic Application Security Testing
    • Static Application Security Testing
    • Patch & Vulnerability Management
    • Vulnerability & Penetration Testing
    • Authentication and Authorization
    • Identity and Access management
    • Two Factor Authentication (2FA)
    • Single Sign On (SSO)
  • Expertise in mitigating and addressing technology or application threat vectors.
  • Expertise in building a defense-in-depth infrastructure security architecture that includes information security controls across multiple technology stacks.
  • Experience with Web Application Firewalls, Runtime Application Self-Protection (RASP), Reverse Proxies and other protection technologies (network, operating system and application layers).
  • Solid knowledge and understanding of securing all major web server environments and cloud platforms based on Open Web Application Security Project (OWASP) Top Ten recommendations.
  • Demonstrated knowledge of regulatory and statutory compliance requirements across industries.
  • Familiarity with dynamic web application vulnerability assessment tools and services.
  • Familiarity with static code analysis tools and services.
  • Familiarity with high level programming languages.

Job Requirements:

  • Master's Degree combined with 15+ years of overall information security experience.
  • Strong program development, program management and leadership skills including experience in developing, documenting and establishing holistic information security programs and best practices.
  • Deep application development/software development knowledge, understanding of information security protocols and Application programming interfaces (APIs).
  • Understanding of application threat modelling and Secure SDLC best practices.
  • Strong documentation skills in writing application security policies, procedures and standards.
  • Current information security management certifications such as CISSP, CISM and HISP.
  • Curious, inquisitive, lifelong learner and self-starter.
  • High level of personal integrity and trustworthiness.
  • Great team player with good communication skills.

Qualifications

Applicants must be eligible to work in the specified location

About ESG Consulting

ESG Consulting is an award-winning national provider of diversified Information Technology and Engineering consulting services to Fortune 1000, public sector entities, and emerging growth firms nationwide. Founded in 1986, ESG offers 20 years of experience in the IT and Engineering staffing and consulting industry. We take pride in our philosophy of "Organic Growth". The stability of our company is emphasized in our continuous growth and presence throughout the United States as well as our increasing financial success throughout the years. Our record of success, innovation, growth, and industry leadership, have led America's most successful firms to depend on us for their strategic IT and Engineering consulting needs. ESG is pleased to count among our many satisfied customers: Hewlett-Packard, the States of California, Georgia, Colorado and Texas, Visa, Sun Microsystems, Cisco Systems, Lockheed Martin, and Wells Fargo Bank. Headquartered in Santa Clara, we have opened offices nationwide and to this day are consistently re-evaluating and expanding our service offerings and geographic capabilities. Today, we serve most major metropolitan markets. ESG is backed by a history of financial strength and profitability. All our services are fully insured for our client's protection. Our industry participation helps us stay current with the latest trends and technologies, which allows us to better serve our customers. ESG Consulting has been a core member of NACCB (National Association of Computer Consulting Businesses) for over 16 years. We are also proud to be one of the founders of the NACCB Education Foundation, which grants scholarships for students pursuing degrees in Computer Science.