03/02 Shambhavi Malvankar
Senior Consultant at Emilestones


Application Security Architect (15-20 yrs)

Pune/Hyderabad Job Code: 793028

Description-

The Application Security Architect should have application architecture and software development skills; the ability to conduct software security testing using tools such as WebInspect, Burp Suite Pro, IBM AppScan, AppDynamics, Fortify, Sonar and the Kali Linux tool set; the ability to conduct protocol, application and malware analysis; the ability to debug systems; familiarity with authentication schemes; knowledge of the HTTP protocol; and experience with ethical hacking and penetration testing, networking protocols, and computer architecture.

Application security architects work with development and architecture teams to build security into applications. Job tasks include testing programs for security weaknesses, performing vulnerability scans, and providing security guidance to software development teams.


Roles: The duties outline the tasks and goals for which the information security architect is responsible. They may vary depending on the company's needs or industry. They include:

- Design, build and implement enterprise-class security systems for a production environment

- Align standards, frameworks and security with overall business and technology strategy

- Identify and communicate current and emerging security threats

- Design security architecture elements to mitigate threats as they emerge

- Create solutions that balance business requirements with information and cyber security requirements

- Identify security design gaps in existing and proposed architectures and recommend changes or enhancements

- Use current programming languages and technologies to write code, complete programming, and perform testing and debugging of applications

- Hands-on, strong experience with SecDevOps: using different CI/CD tools, with quality gates in the CI pipeline for SAST, DAST and host configuration assessment (web/app server configuration, DB server configuration, etc.)

- Train users in implementation or conversion of systems

Skills and competencies

- Security architecture: demonstrating solutions delivery, principles and emerging technologies; designing and implementing security solutions, including continuous monitoring and improvement of those solutions in collaboration with the information security team.

- Consulting and engineering in the development and design of security best practices and implementation of solid security principles across the organization, to meet business goals along with customer and regulatory requirements.

- Security considerations of cloud computing, including data breaches, broken authentication, account hijacking, malicious insiders, third-party risk, APTs, data loss and DoS attacks.

General skills include:

- Exceptional communication skills with diverse audiences

- Strong critical thinking and analytical skills

- Strong leadership, project and team-building skills, including the ability to lead teams and drive projects and initiatives in multiple departments

- Demonstrated ability to identify risks associated with business processes, operations, information security programs and technology projects

- The ability to be the enterprise security subject matter expert who can explain technical topics to those without a technical background

Experience

- Python, PHP, .NET, Java/J2EE, ColdFusion, API/web services, scripting languages and a relational database management system (RDBMS) such as MS SQL Server or Oracle. These are some of the technical elements needed to build security into an organization.

- Relevant National Institute of Standards and Technology (NIST) standards. A system that does not comply with the standards set by NIST, along with ISO27001, COBIT and COSO, will lack both compliance and an adequate security architecture.

- ISO27001 specifications for a framework of policies and procedures covering all legal, physical and technical controls involved in an organization's risk management

- Control Objectives for Information and Related Technologies (COBIT)

- Windows, UNIX and mainframe

- 8+ years of experience in application security, 5+ years as an architect and 5+ years as a developer, with 15 to 20 years of overall experience in IT

For an AppSec Architect candidate, we need to confirm expertise in the areas below:

1. SAST: security assessment of source code. Areas to check:

a. How they help developers act on the findings.

b. Whether they have implemented it in CI/CD.

c. Whether they have implemented a SAST quality gate in the CI/CD build pipeline.

2. DAST: dynamic application security assessment, performed once the application is deployed in an environment. Check points:

a. Familiarity with CI/CD.

b. The concepts of false positives and false negatives.

c. A quality gate in the CI/CD pipeline.

3. Monitoring: familiarity with WAFs (Web Application Firewalls), why one is required, and how they control zero-day exposure.

4. Architecture: which documents they review. They should not just say design diagram, HLD or LLD, but name specific documents. What do they review in an architecture from a security standpoint? They should talk about identity protocols for authentication, secure communication between service components, and encryption/decryption, SSL/TLS, AES-256 and so on.

- This last area is the most important. The first three areas are already well known to all the existing members of our AppSec team, who have 5 to 10 years of experience.
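The SAST and DAST checkpoints above (quality gate in the CI/CD pipeline, handling of false positives) describe a concrete piece of pipeline code. The following is an added example of such a gate and is not code from the employer in this posting or from any scanner vendor. It assumes the SAST tool writes a SARIF 2.1.0 report (most SAST tools can) and the DAST tool writes a ZAP-style JSON alert report; the sample reports, rule IDs, paths, URLs and the suppression entry are constructed for the demonstration.

```python
"""CI quality gate over SAST (SARIF) and DAST (ZAP-style JSON) results.

Added example; not the employer's or any scanner's code. Assumes SARIF 2.1.0
for SAST and a ZAP-style JSON alert list for DAST. All sample data is
constructed. Exit status 1 is what fails the pipeline stage."""
import json
import sys
from collections import Counter

# Policy: maximum findings allowed per severity after suppressions.
# Severities not listed are unlimited so informational noise cannot block builds.
POLICY = {"critical": 0, "high": 0, "medium": 5}

# Triaged false positives keyed by (rule id, location). Lives in the repo and is
# reviewed like code, so every suppression has a justification and a reviewer.
SUPPRESSIONS = {
    # constructed entry: query is parameterised, the rule misreads an f-string label
    ("python.lang.security.audit.sqli", "app/reports.py"),
}

SARIF_LEVEL_TO_SEV = {"error": "high", "warning": "medium", "note": "low"}
ZAP_RISK_TO_SEV = {3: "high", 2: "medium", 1: "low", 0: "info"}


def score_to_sev(score):
    """Map a CVSS-style 0-10 'security-severity' rule property to a bucket."""
    score = float(score)
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    return "medium" if score >= 4.0 else "low"


def sarif_findings(report):
    """Yield (rule_id, severity, file) for every SARIF result."""
    for run in report.get("runs", []):
        rules = {r["id"]: r for r in run["tool"]["driver"].get("rules", [])}
        for res in run.get("results", []):
            rid = res["ruleId"]
            score = rules.get(rid, {}).get("properties", {}).get("security-severity")
            # Prefer the rule's security score; fall back to the generic SARIF level.
            sev = (score_to_sev(score) if score is not None
                   else SARIF_LEVEL_TO_SEV.get(res.get("level", "warning"), "medium"))
            locs = res.get("locations")
            path = locs[0]["physicalLocation"]["artifactLocation"]["uri"] if locs else "<unknown>"
            yield rid, sev, path


def zap_findings(report):
    """Yield (plugin_id, severity, url) for every ZAP alert instance.

    A DAST scanner guesses from responses, so a high-risk alert at low
    confidence is gated as medium: a human triages it rather than the build
    failing on a probable false positive."""
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            sev = ZAP_RISK_TO_SEV[int(alert["riskcode"])]
            if sev == "high" and int(alert.get("confidence", 2)) <= 1:
                sev = "medium"
            for inst in alert.get("instances", [{}]):
                yield alert["pluginid"], sev, inst.get("uri", "<unknown>")


def evaluate(findings, policy=POLICY, suppressions=SUPPRESSIONS):
    """Drop suppressed findings, count by severity, compare against the policy."""
    counts, suppressed = Counter(), 0
    for rid, sev, where in findings:
        if (rid, where) in suppressions:
            suppressed += 1
            continue
        counts[sev] += 1
    violations = {s: counts[s] for s, limit in policy.items() if counts[s] > limit}
    return {"counts": dict(counts), "suppressed": suppressed,
            "violations": violations, "passed": not violations}


def run_gate(sarif_report, zap_report, policy=POLICY, suppressions=SUPPRESSIONS):
    findings = list(sarif_findings(sarif_report)) + list(zap_findings(zap_report))
    return evaluate(findings, policy, suppressions)


# Constructed sample SAST report: one suppressed SQLi, one live SQLi, one weak hash.
SAMPLE_SARIF = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-sast", "rules": [
        {"id": "python.lang.security.audit.sqli", "properties": {"security-severity": "8.8"}},
        {"id": "python.lang.security.insecure-hash", "properties": {"security-severity": "5.3"}}]}},
    "results": [
        {"ruleId": "python.lang.security.audit.sqli", "level": "error", "locations": [
            {"physicalLocation": {"artifactLocation": {"uri": "app/reports.py"}}}]},
        {"ruleId": "python.lang.security.audit.sqli", "level": "error", "locations": [
            {"physicalLocation": {"artifactLocation": {"uri": "app/search.py"}}}]},
        {"ruleId": "python.lang.security.insecure-hash", "level": "warning", "locations": [
            {"physicalLocation": {"artifactLocation": {"uri": "app/tokens.py"}}}]}]}]}

# Constructed sample DAST report: a medium header finding on two URLs and a
# low-confidence high-risk alert that the gate demotes to medium.
SAMPLE_ZAP = {"site": [{"@name": "https://staging.example.test", "alerts": [
    {"pluginid": "10038", "name": "CSP Header Not Set", "riskcode": "2", "confidence": "3",
     "instances": [{"uri": "https://staging.example.test/"},
                   {"uri": "https://staging.example.test/login"}]},
    {"pluginid": "40018", "name": "SQL Injection", "riskcode": "3", "confidence": "1",
     "instances": [{"uri": "https://staging.example.test/search?q=x", "param": "q"}]}]}]}

if __name__ == "__main__":
    result = run_gate(SAMPLE_SARIF, SAMPLE_ZAP)
    print(json.dumps(result, indent=2))
    sys.exit(0 if result["passed"] else 1)  # non-zero exit fails the CI stage
```

Run against the constructed samples the gate fails: the suppressed SQLi is skipped, the second SQLi still counts as one high finding against a limit of zero, and the three DAST alerts plus the weak hash stay under the medium limit. A suppression keyed on rule and location, rather than on the rule alone, is what stops a triaged false positive in one file from silently hiding the same bug elsewhere.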


Women-friendly workplace:

Maternity and Paternity Benefits
