[24]7 Inc - Senior Application Cyber Security Architect

Job Description

The Senior Application Cybersecurity Architect shall be responsible for ensuring the information Security, and Compliance needs of [24]7 across all its Business units and Geographies. The position will provide leadership and support for ensuring product and application security for internal, 3rd party and externally hosted solution. Through close collaboration and partnership with product and IT teams throughout the organization be able to help ensure our product's and services are secured.

Requirements:

- As a Senior Security Architect provides application security related direction and oversight to different teams within [24[7.

- Assess internal and external application for security vulnerabilities and other weaknesses.

- Should have thorough knowledge of application security and compliance related risks and counter measures when hosted application in the Cloud (Public, Private and Hybrid)

- Knowledge and understanding of AWS and Azure implementations

- Expert knowledge and implementation of secure application architectures, encryption technologies, cryptography and key management, and authentication and control of application permissions

- Direct experience with secure application development and application security risk mitigation techniques

- Knowledge of the common application layer vulnerabilities and the ability to explain these risks to developers

- Knowledge of tiered application architectures, web applications, APIs, mobile applications, desktop applications, and the underlying technology of cloud infrastructure

- Experience securing platform web APIs

- Experience with one or more general purpose programming languages including but not limited to: Java, C/C++, C#, Objective C, Python, JavaScript.

- Versed with recent versions of the OWASP Top Ten for web application security

- Detailed understanding of and experience with application deployments in corporate environments

- Experience working in DevOps, continuous integration and Agile, including design of security solutions, including creating artifacts, models, and strategy presentations

- Demonstrable experience with mobile application security, HTML5, Web Services assessment, identity management will be highly regarded.

Ten (10) or more years in software engineering and development with emphasis on the delivery of secure, Internet-exposed, multi-tier, web-based systems using Java/J2EE and/or C#/ASP/.NET (experience with both a plus).

- At least three (3) year of hands-on experience evaluating the security of applications using both manual and automated techniques. Relevant tool experience should include code security scanners such as Fortify SCA, Checkmarx; assessment support tools such as BurpSuite, and Metasploit

- Knowledge of general application security API and protocols such as MS CryptoAPI, Kerberos, SSL/TLS, SAML, S/MIME, and PKCS API's.

Knowledge of cryptographic solutions for protection of data in use, in transit and at rest, such as; Masking, SSL/TLS, IPSec, or format preserving encryption & sanitization.

- Should have broad technical foundation and can understand network, operating system, database, and application development design and support as necessary to be able to analyze issues and recommend solutions for the detection, remediation, and prevention of security vulnerabilities

- Should have broad knowledge of security policies and practices, including ISO 27001 and Payment Card Industry (PCI)

- Ability to work under pressure, and deliver to deadlines, on a self-driven basis

- Logical thinker, strong analysis, problem assessment and resolution oriented

- Strong achievement focus i.e. high energy levels and commitment to ending results

Responsibilities

- Ensure that all [24]7 application, internal and external, are secured. Be able to identify vulnerabilities and get closure.

- Providing software architecture security guidance, including developing application threat models and methodically protecting against business logic and design flaws that could introduce security vulnerabilities

- Work with the CISO to set the strategic direction and planning for Information Security, including annual and long term security and compliance goals.

- Manage the overall global application security strategy and establish company-wide standards and controls, including directing updates or creation of related policies, procedures, programs, and guidelines to ensure company-wide information security and assurance.

- Translate corporate, client, and regulatory compliance requirements to current and future capabilities, products, and projects.

- Ensure compliance with the changing laws and applicable regulations.

- Coordinate and track all information technology and security related audits including the scope of audits, units involved, timelines, auditing agencies, and outcomes.

- Oversee the continuous monitoring and protection of [24]7 Crown jewels.

- Evaluate suspected security breaches, work with subject matter experts, and recommend corrective actions.