Senior Application Security Architect - Remote

Dice is the leading career destination for tech experts at every stage of their careers. Our client, Technogen, Inc., is seeking the following. Apply via Dice today!

TECHNOGEN, Inc. is a Proven Leader in providing full IT Services, Software Development and Solutions for 15 years.

TECHNOGEN is a Small & Woman Owned Minority Business with GSA Advantage Certification. We have offices in VA; MD & Offshore development centers in India. We have successfully executed 100+ projects for clients ranging from small business and non-profits to Fortune 50 companies and federal, state and local agencies.

Please find the below requirement if interested, please share updated resume at

Position: Senior Application Security Architect

Duration: LONG TEARM

Location: Louisville, KY (Permanent Remote)

Description:

Note: Please do not rule out the skills listed under 'Preferred Qualification' and try to find candidates who would qualify on as many as skills possible in this job description.

We are searching for an experienced Application Security Architect who can utilize solid business knowledge and expert technical experience in security to help develop strategy, roadmap and execution for our Application Security program. In this role you will work to discover security issues proactively during solution design and prevent vulnerabilities during development. You will support the development of design patterns and development standards to help developers and architects build secure solutions. You will support the development of assessment frameworks to evaluate designs then be responsible for their execution. These processes will become especially pertinent in support of current technology modernization efforts with a big emphasis on cloud adoption.

:

Support the design of proactive application security frameworks to ensure the secure architecture and development of business solutions. This includes frameworks for performing consistent application security assessments and threat models as well as the development of secure design patterns and development standards.

Implementation of the above controls into a modern SDLC.

Conduct application security assessments, threat modeling and architecture reviews

Proactively communicate design and development principles to appropriate stakeholders

Proactively improve security designs to reduce vulnerabilities found after development of code

Influence stakeholders to correct security deficiencies in the solution design as well as developed code

Provide solutions to security deficiencies while allowing for necessary business and technical functionality

Automation and standardization of all applicable processes

Required Qualifications:

Technical Competencies

In depth comprehension of the OWASP Top 10 and an ability to communicate with developers and application architects. Development or software architecture background is preferred.

Experience working with application security frameworks such as BSIMM and SAMM

Expertise in performing cloud architecture reviews, application risk assessments and threat modeling

Experience in integrating security controls into all forms of SDLC including automation into a CI/CD pipeline

Analyzes business impact and exposure based on emerging security threats, vulnerabilities and risks, and recommends technologies and solutions to mitigate them.

Implement security considerations for in house developed, COTS and SaaS solutions

Translates technical concepts into plain language to show business risk

Collaborates with developers and software architects to adjust designs to securely meet business and technical requirements

Cultural Competencies

• Comfortable operating in an environment with constant change and ambiguity
• Experience working in highly regulated environments subject to HIPAA, HITrust, PCI or other related
• Build relationships with development, software architecture and product management stakeholders
• Demonstrated experience mentoring others by providing technical guidance to project teams

Preferred Qualifications:

• GIAC or Offensive Security certifications
• Automation and standardization of software security controls, particularly into a CI/CD pipeline
• Communicate the need for security controls to a business audience, including justification of spend and effort
• CISSP, CISM or equivalent
• Cloud Architecture and/or Cloud Security Certifications (AWS, Azure, Google Cloud Platform)
• Bachelor's degree in an IT-related field strongly preferred; post-graduate degree is a bonus, but not required
• Experience with CI/CD pipelines
• Cloud Security Alliance (CCSP, CCSK) (ISC)2
• Knowledge and experience with the configuration of security controls and secure migration of enterprise applications to one of the major cloud providers such as Azure (preferred), Amazon Web Services, or Google Cloud.

Senior Application Security Architect - Remote