Application And Cloud Security Architect
Columbia (or Remote), MO 65203
Posted 3 weeks ago
We are in search of an Application and Cloud Security Architect who can lead an enterprise security improvement program for a rapidly growing firm in the financial services industry. This role will establish strategy, policies, procedures and best practice security methodology for both application security and the migration of applications to the cloud. The ideal candidate will be responsible for maintaining the fidelity and security of our on-premises applications and our growing number of cloud computing environments. As a key member of the Security team, you will be responsible for evaluating, creating, designing, developing and evangelizing a Secure Software Development Lifecycle (SSDLC) program which will enhance the security of all digital assets across the enterprise.
Primary Responsibilities
Application Security Architect Responsibilities
- Build and lead a continuously improving Secure Application Security Program focused on application & cloud security architecture, secure coding patterns, and threat modeling.
- Partner and improve Secure Software Development Lifecycle (SSDLC) & Building Security In Maturity Model (BSIMM) maturity scores
- Assist with the creation and management of SSDLC policy and standards
- Partner to create, manage, and measure application security secure coding patterns and their adoption
- Responsible for the Threat Modeling program
- Lead Application Architecture Risk Assessment (ARA) program
- Partner and conduct COTS security assessments
- Partner and conduct Open Source and Component assessments specific to software
- Lead security technology tool selection specific to reducing application security and development risks
- Provide application security consulting as needed
- Be an advocate and coach for secure software development
- Facilitate vulnerability management and security risk assessments for an application during an SSDLC engagement
Cloud Security & Governance Architect Responsibilities
- Act as security design authority for cloud projects. Research, design, develop, and support reference cloud security architecture components
- Function as a principal cloud technologist to perform technology evaluation, define use cases, architect POC environment, lead POC execution and conduct trade-off analysis
- Drive cloud security solution design for the security architecture framework (e.g., credential management, access provisioning, authentication and authorization, data security, network security, application security, infrastructure security, security monitoring, and operations security)
- Develop applications, integrations, and automation to improve security operations and governance
- Define and evangelize cloud and application security best practices
- Conduct basic and applied research on important and challenging problems in cloud and application security.
- Deliver cloud security architecture diagrams and security architecture specification per cloud security architecture standards
- Review enterprise critical project security architecture and assist solution integration for enterprise cloud projects as needed
- Develop/Harvest cloud security architecture patterns from architecture engagements and add to enterprise security architecture pattern repository
- Summarize cloud security risks to both technical and non-technical audiences to ensure the appropriate solutions and recommendations are identified
- Respond quickly to customer escalations and work to ensure the best possible outcomes are achieved
- Contribute subject matter expertise critical to the creation and modification of policies and standards
- Develop junior security architects capable of providing industry-leading cloud reference architectures and cloud security program maturity studies.
- Bachelor's degree in Computer Science, Information Systems, or a related field, or equivalent experience
- You have 8+ years required experience (10-12 years preferred) in an information technology role with increasing responsibility in application security with at least some of that focused in cloud security architecture.
- You have security & cloud certifications such as: AWS, GCP, CISSP, CISM, SANS, Cloud Security Alliance (CCSP, CCSK), OSCP, RSA, GIAC
- You have an understanding of the OWASP Top 10 and SANS/CWE Top 25.
- You have a strong knowledge of cloud hosting environments (AWS, Azure, GCP, OCI, etc).
- You have a desire to make the Internet and your company a safer place.
- You have a passion for tools like Ansible, CloudFormation, Terraform, Kubernetes and Helm.
- You have experience with ethical hacking and vulnerability management reporting.
- You have experience with threat modeling and attack forensics.
- You have expertise in IT delivery methodologies (e.g., Agile, DevOps, XP programming), preferably in a C#/.NET environment.
- Proven capabilities across Cybersecurity domains and supporting technologies
- You have advanced experience with leading laws, regulations, standards and best practices including, but not limited to, NIST, ISO, SOX, HIPAA, EU GDPR, PCI, CSA CCM
- You are familiar with enterprise frameworks such as TOGAF, COBIT and SABSA, Open Security Architecture, or Service Oriented Modeling Framework
- You have strong communication skills.
- You ask questions and let others know when you need help
- You're a problem solver.
- You have the confidence to challenge the status quo and introduce new concepts that will streamline, secure or improve the current methods.
- You are passionate about your work but like to have fun.
- You deliver results with integrity
- You love mentoring and being a servant leader to your coworkers.
- You like enhancing the lives around you.