Application Security Architect

At Genworth, we empower families to navigate the aging journey with confidence. We are compassionate, experienced allies for those navigating care with guidance, products, and services that meet families where they are. Further, we are the spouses, children, siblings, friends, and neighbors of those that need care-and we bring those experiences with us to work in serving our millions of policyholders each day.

We apply that same compassion and empathy as we work with each other and our local communities. Genworth values all perspectives, characteristics, and experiences so that employees can bring their full, authentic selves to work to help each other and our company succeed. We celebrate our diversity and understand that being intentional about inclusion is the only way to create a sense of belonging for all associates. We also invest in the vitality of our local communities through grants from the Genworth Foundation, event sponsorships, and employee volunteerism.

Our four values guide our strategy, our decisions, and our interactions:

• Make it human. We care about the people that make up our customers, colleagues, and communities.

• Make it about others. We do what's best for our customers and collaborate to drive progress.

• Make it happen. We work with intention toward a common purpose and forge ways forward together.

• Make it better. We create fulfilling purpose-driven careers by learning from the world and each other.

POSITION TITLE

Application Security Architect

POSITION LOCATION

Richmond, VA or Lynchburg, VA

YOUR ROLE

Your role as an Application Security Architect will be to provide leadership regarding security and governance for application development on both physical datacenter and cloud environments. You will be responsible for creating and monitoring adherence to policies and standards for the development and administration of secure software and related technologies and standards. In your role, you will work closely with key IT and business stakeholders as well as third parties, as needed. As an ideal candidate, you will rely on extensive experience with application security and security compliance to enhance and manage the company's application security program.

What you will be doing

• Ensure the company's application security policies and standards follow best practices based on National Institute of Standards and Technology (NIST) and other relevant standards and frameworks.

• Translate security and technical policies into actionable requirements.

• Communicate security risks to different audiences ranging from business leaders to application development teams.

• Define, publish, maintain and execute application security governance processes.

• Own day-to-day life cycle management, including identification, threat assessment, threat modeling and risk avoidance.

• Serve as a subject-matter-expert and lead evangelist for Application Security; act as a first point of contact for critical issues, security risk assessments and triaging CI/CD issues with partners and stakeholders.

• Work with architecture, engineering, and application teams to advise on secure design for applications in areas such as data protection, key management, authentication, and authorization and to ensure security.

• "Shift-Left" and work with DevOps teams to create policy as code.

• Participate in working groups with other subject matter experts to define and review security standards and guidelines.

• Research and stay up to date on the latest security threats and trends.

• Analyze threats to application security and design solutions to mitigate those threats.

• Develop and execute projects to enhance application security measures.

• Provide guidance and oversight for the correction of discovered vulnerabilities.

What you bring

• Bachelor's degree in Information Technology, Computer Science, or related degree or equivalent years of experience.

• 7+ years demonstrated cybersecurity experience.

• Strong understanding of cybersecurity risks, technical control implementation, and at least one industry standard cybersecurity frameworks (NIST 800-53, NIST CSF, ISO 27001, etc.).

• In-depth knowledge of application security.

• Expertise in infrastructure, system and application design and implementation using data, web, mobile, cloud, and open-source technologies.

• Expertise with the Software Development Life Cycle (SDLC) process.

• Experience with results interpretations of Dynamic Application Security Testing (DAST) reports.

• Experience with at least one Static Application Security Testing (SAST) tool (e.g., CheckMarx, HP Fortify SCA, Coverity, Veracode, FindBugs, other), its use, reports results interpretation, developer community support in remediating verified code-associated security vulnerabilities.

• Knowledge of potential risks involved in application transitions from on-premises to cloud.

• Capacity to work in a team environment, excellent interpersonal and communication skills.

• Demonstrated project management experience.

• Strong ability to influence decision makers and drive consensus.

Preferred Qualifications:

• Familiarity with big data security solutions

• Leadership Experience

• Knowledge of Open Security Architecture (OSA), The Well Architected Framework, and OWASP Application Security Verification Standard (ASVS)

• Demonstrated ability to act as a thought leader in Cloud security for your existing organization

• Commitment to continuous improvement and innovative approaches

Employee Benefits & Well-Being

Genworth employees make a difference in people's lives every day. We're committed to making a difference in our employees' lives.

• Competitive Compensation & Total Rewards Incentives

• Comprehensive Healthcare Coverage

• Multiple 401(k) Savings Plan Options

• Auto Enrollment in Employer-Directed Retirement Account Feature (100% employer-funded!)

• Generous Paid Time Off - Including 12 Paid Holidays, Volunteer Time Off and Paid Family Leave

• Disability, Life, and Long Term Care Insurance

• Tuition Reimbursement, Student Loan Repayment and Training & Certification Support

• Wellness support including gym membership reimbursement and Employee Assistance Program resources (work/life support, financial & legal management)

• Caregiver and Mental Health Support Services