Application Security Architect

ServiceTitan Glendale, AZ 85301

Posted 4 months ago

What are we looking for?

We are looking for a security thought leader who is passionate about application security: an experienced practitioner, not a theorist, who will lead our development teams through the adoption of security best practices and evangelize security. The ideal candidate has several years of development experience building systems/apps and has since moved to application security.

Success in this role will show through the following attributes and skills:

  • Deep understanding of the security requirements lifecycle process and software development lifecycle (SDLC)

  • Strong working knowledge of Atlassian Stack, .Net Core, Microsoft Azure, SQL Server, GitHub, and Kubernetes

  • Experience developing and authoring application security architectures, standards, and guidelines

  • Experience communicating application security requirements and risk to IT teams and business partners

  • Experience reviewing application design, software framework, and infrastructure to identify risks. Capable of assessing underlying components (e.g., databases, servers), configuration, and security access controls

  • Experience with static code scan tools (e.g., Fortify, Checkmarx), dynamic scanning tools (e.g., Rapid7, WhiteHat Sentinel, Burp, Qualys), IAST (e.g. Contrast), and software composition tools (e.g. SourceClear, WhiteSource, Black Duck)

  • Experience working in an agile environment

  • Knowledgeable on industry frameworks and best practices (e.g., NIST CSF, OWASP ASVS, SANS/CWE Top 25, CIS Benchmarks)

  • Experience integrating security engineering automation tools into the CI/CD pipeline

To fulfill this role successfully, you should possess the following qualifications and experience:

  • BA/BS Bachelor's Degree or an Associate's Degree plus ten (7-10) years of SaaS experience. MA/MS Master's Degree in Information Technology, Computer Science or Software Engineering preferred

  • Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Ethical Hacker (CEH) Certifications

  • CVEs or active participation in Bug Bounty programs

  • Active participation in cybersecurity forums/conventions, e.g., OWASP, Black Hat, BSides, DEF CON. Public speaking is a plus.

About ServiceTitan

ServiceTitan is a mobile, cloud-based software platform that helps home services companies streamline operations, improve customer service, and grow their business. ServiceTitan's end-to-end solution for the multi-billion dollar residential home services industry includes CRM, intelligent dispatch, custom reporting, marketing automation, mobile solution for field techs, and accounting integration with Intacct and QuickBooks. ServiceTitan brings a fully operational modern SaaS infrastructure to an industry traditionally underserved by software. ServiceTitan is the preferred software for hundreds of the world's most successful plumbing, HVAC, and electrical companies. For more information about ServiceTitan, visit www.ServiceTitan.com.

Los Angeles Business Journal Best Places to Work, 2018

Los Angeles Business Journal Top 100 Fastest Growing Private Company, 2018

Deloitte Fast 500, 2018

Inc 5000 - Best Workplaces, 2018

Inc. 5000 America's Fastest Growing Companies, 2018

Glassdoor/Battery Ventures Highest Rated Cloud Computing Companies, 2018

Mogul Top 1000 Companies Worldwide for Millennial Women 2018

Forbes - Next Billion-Dollar Startup List, 2017


