Application Security Architect Iii-2

Early Warning Services, LLC Chicago , IL 60602

Posted 2 months ago

A Great Place to Work

Last year, we transformed the P2P payments industry with Zelle. 247-million transactions and $75-billion later, consumers love us as much as our amazing team of talented people. Come join the most INNOVATIVE FinTech company in Arizona.

Overall Purpose

This position leads the Security Architecture consultation with IT, Project Management, Product Management, Software Development and other peers on proper security architecture and software development processes to ensure the applications developed and systems implemented are in line with security best practices and Early Warning Services policies and standards.

Essential Functions

  • Lead the Identification, measurement, control and minimization of security risks to information systems across a broad range of disciplines including application and host security.

  • Drives the evaluation of the current methods in use by Early Warning to access and process data via Early Warning customer facing applications.

  • Owns the development of repeatable application security architectures working with internal and external partners to ensure that systems are placed within the relevant security zones based on the data they house and their purpose.

  • Serves as the subject matter expert point of contact for all security issues in assigned areas.

  • Leads security efforts with architecture teams to ensure that all newly developed and legacy applications and infrastructure implementations are in line with security policy and are compliance to the required frameworks (ISO, PCI, OWASP, NIST 800-53, etc.).

  • Advises and approves of changes and architectures for assigned areas from a security perspective.

  • Evaluates and drives decisions on product business cases including functional and detailed design specs to ensure security standards are met.

  • Assists and leads the security incident response process as assigned.

  • Advises as a subject matter expert and contributes to the development of Early Warning security policy and procedures.

  • Develops and owns architectural reference material to ensure that security practices are being implemented in a repeatable fashion every time a new project is implemented.

  • Lead efforts that document and present risks and security issues that could impact the confidentiality, integrity and/or availability of the business (both internally and externally) by assisting in documentation, tracking and creating solutions for mitigation.

  • Work with internal and external penetration testing organizations to coordinate application and network based penetration.

  • Lead security efforts with Software Development to perform static code analysis on all custom developed code.

  • Interacts with customer banks to gather yearly testing and security requirements, review penetration testing findings, mitigating controls and/or projects to rectify security vulnerabilities.

  • Mentors new security team members.

  • Leads assigned information security efforts.

  • Individual contributor towards significant risk mitigation efforts.

  • Support the company's commitment to protect the integrity and confidentiality of systems and data.

Minimum Qualifications

  • Education and experience typically obtained through completion of a Bachelor's degree in Computer Science, Engineering, Math or Physical Science.

  • minimum 4 years of application security experience and 4 years of Security Architecture or Consulting experience.

  • Subject matter expert in focused Application Security skill or silo.

  • Expert knowledge of relational databases, Windows, and Linux operating systems.

  • Ability to work independently and within a team environment.

  • Ability to lead efforts that develop and deliver complex and enterprise wide risk mitigation solutions.

  • Effective interpersonal skills, with ability to present to peers, coworkers and customers.

  • Export knowledge of operating system, application, network, and database security architectures.

  • Proficiency in AppSec and Web services security

  • Application development background

  • Delivered talks or published whitepapers at regional Security Conferences

  • CEH/CPT, or CISSP or CSSLP Certification and one of GWEB, or Secure Development Cert, or PHD or MBA in InfoSec or equivalent certification.

  • Exposure to the Agile SDLC process.

  • Expert vulnerability exploitation experience.

  • Experience leading information security efforts.

  • Expert experience in analyzing technical issues and making recommendations for corrective action.

  • Demonstrate expert understanding in the field of Information Security in terms of both concepts and technology.

The above job description is not intended to be an all-inclusive list of duties and standards of the position. Incumbents will follow instructions and perform other related duties as assigned by their supervisor.

Preferred Qualifications

  • MCSE, SCSA, CCNA or CISA certification

  • Additional related education and/or experience preferred

  • Familiarity with HP Fortify

  • Familiarity with application penetration testing tools:

o Proxies (Burp Suite Pro, Zed Attack Proxy)

o Scanners (Netsparker, AppScan, WebInspect)

o XML Tools (SOAP UI)

  • Familiarity with BSIMM framework

Physical Requirements

Working conditions consist of a normal office environment. Work is primarily sedentary and requires extensive use of a computer and involves sitting for periods of approximately four hours. Work may require occasional standing, walking, kneeling, and reaching. Must be able to lift 10 pounds occasionally and/or negligible amount of force frequently.

Requires visual acuity and dexterity to view, prepare, and manipulate documents and office equipment including personal computers. Requires the ability to communicate with internal and/or external customers.

Employee must be able to perform essential functions and physical requirements of position with or without reasonable accommodation.

Early Warning is an equal opportunity employer that takes affirmative action to employ, and advance in employment, qualified minorities, women, individuals with disabilities and covered veterans.


See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Download the
LiveCareer app and find
your dream job anywhere
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Cloud & Application Security Architect

Danaher

Posted 1 week ago

VIEW JOBS 11/9/2018 12:00:00 AM 2019-02-07T00:00 Job Description Job ID: COR001261 About Us Danaher is a global science & technology innovator committed to helping our customers solve complex challenges and improve quality of life worldwide. Our world class brands are leaders in some of the most demanding and attractive industries, including life sciences, medical diagnostics, dental, environmental and applied solutions. Our globally diverse team of 67,000 associates is united by a common culture and operating system, the Danaher Business System, which serves as our competitive advantage. We generated $18.3B in revenue last year. We are ranked #162 on the Fortune 500 and our stock has outperformed the S&P 500 by more than 1,200% over 20 years. At Danaher, you can build a career in a way no other company can duplicate. Our brands allow us to offer dynamic careers across multiple industries. We're innovative, fast-paced, results-oriented, and we win. We need talented people to keep winning. Here you'll learn how DBS is used to shape strategy, focus execution, align our people, and create value for customers and shareholders. Come join our winning team. Description We are seeking a Cloud and Application Security Architect to join an expanding information security program at Danaher Corporation. This is an exciting opportunity for you to lead technical security initiatives across over 25 globally diverse science and technology operating companies. Whether it's protecting our digital properties, safeguarding our cloud applications, or driving continuous improvements to our security controls, you will play a valuable role in delivering security from the ground-up in our systems and applications. Reporting to the Chief Information Security Officer and closely collaborating across information security functions, you will serve as the central resource for defining and evolving protection of cloud and application services across IT and business lines of operation.Define and maintain the security roadmap for adoption and consumption of cloud services in AWS and Microsoft Azure platforms * Lead in establishing a DevSecOps culture of continuous security enhancements and new feature releases into the product design and consumption of cloud services * Provide senior technical leadership in working with and across IT infrastructure, application developers, application service providers, and cloud service providers in the review, design, and implementation of cloud and cloud-based solutions * Develop and maintain technical security blueprints and practical best practices for protecting services and data within public and provide cloud environments and SaaS deployments * Create standardize work methods and procedures for conducting cloud security assessments, validations, and continuous conformance monitoring to established policies and procedures * Lead and participate in application and software development design reviews, code assessments, and development lifecycle planning * Work in partnership with application development & software engineering resources to embed security into software packages and maintain resilient application service * Lead in defining secure architecture and components for IoT platform development including edge systems, gateways, communication services, device management, and business rules & functionality * Participate in product development planning processes and recommends enhancements to existing procedures to maintain regulatory compliance requirements and increase resiliency of systems and solutions * Collaboratively work with a variety of product development, engineering, and R&D stakeholders to develop secured viable product offerings and lifecycle for managing existing product lines * Lead technical workshops, training, and webinars designed to increase overall security acumen of application developers, IT resources, and business partners to drive adoption of secured cloud services * Define, document, and deliver techniques and services for the on-going delivery of cloud solutions and to fortify application and software implementations * Create code, utilities, programs, and services engineered to simplify and standardize on a holistic approach to cloud security throughout the organization * Review product concepts and IT project requests to ensure adherence to security standards * Evaluate, recommend, and implement technologies to enhance cloud and application security functions including monitoring for, identification of, and responding to threats Job Requirements Qualifications Required Skills & Experience: * Bachelor's degree in Computer Science, IT, Engineering, or related technical field of study * 5+ years hands-on designing and deploying security solutions in a large-scale enterprise IT environment * 3 years' engineering experience leading and managing a technical team working on security applications * Deep understanding of Microsoft Azure and AWS ecosystems including experience implementing enterprise scale secure deployments * Ability to architect cloud solutions utilizing native and third-party cloud workload protection platforms in AWS and Azure environments * Ability to develop, debug, and recommend enhancements to applications & services written in C, C++, Java, Node.js, .net, Python, and common database technologies * Strong understanding of Internet of Things (IoT) design principles and patterns and best practices for hardening solutions * Ability to develop custom and integrated solutions for easing the adoption of security services using commonly accessible programming and/or scripting languages and API * Experience with service-oriented architectures for cloud-based deployments * Familiarity recommending and deploying industry standard authentication solutions (SAML, OAuth, OpenID, identity provider & service provider-oriented platforms) * Hands-on experience deploying and operating large-scale cloud PaaS, IaaS and SaaS models * Experience evaluating and validating security vendor technologies * Travel up to 40% may be required at times throughout the year Preferred Skills & Experience: * Relevant security certifications (GSEC, SSCP, CASP, GCIH) are a plus * Microsoft security certifications (GCWN or similar) are a plus * Cloud security certifications (CCSP) are similar are a plus solving protection of cloud and application services across IT and business lines of operation Danaher Corporation Overview Danaher is a global science & technology innovator committed to helping our customers solve complex challenges and improve quality of life worldwide. Our world class brands are leaders in some of the most demanding and attractive industries, including life sciences, medical diagnostics, dental, environmental and applied solutions. Our globally diverse team of 67,000 associates is united by a common culture and operating system, the Danaher Business System, which serves as our competitive advantage. We generated $18.3B in revenue last year. We are ranked #162 on the Fortune 500 and our stock has outperformed the S&P 500 by more than 1,200% over 20 years. At Danaher, you can build a career in a way no other company can duplicate. Our brands allow us to offer dynamic careers across multiple industries. We're innovative, fast-paced, results-oriented, and we win. We need talented people to keep winning. Here you'll learn how DBS is used to shape strategy, focus execution, align our people, and create value for customers and shareholders. Come join our winning team. Danaher Chicago IL

Application Security Architect Iii-2

Early Warning Services, LLC