The Security Architect will serve as the security technical lead on a domain of products. This individual will be part of a global security architecture team, which establishes, implements, and improves the application security of the products developed in the company.
• Work as the lead to design, implement and govern the overall security architecture of the products.
• Align the secure development lifecycle to industry standards, including Microsoft SDL, OWASP development guides, PCI standards and PII related topics.
• Perform proof-of-concept and proof-of-technology testing for integrating new 3rd party security products into the development and deployment processes.
• Lead the implementation of proposed solutions while interfacing with Project Management and Product Management to ensure the coordination, communication and successful delivery of projects.
• Work with product management on budget assignments and backlog tracking.
• Assist the teams in auditing and configuring the security applications in terms of dynamic security testing, static code analysis, automatic fuzz testing etc.
• Develop and maintain security procedures and guidelines for the product.
• Manage relationships and interactions with human resources, legal, and internal audit departments.
• Bachelor’s Degree in Computer Science or related field. Equivalent work experience will be considered.
• Software engineering background of 4-7 years.
• Penetration testing and software security architecture background of 4-7 years.
• Current CISSP or similar certifications desirable, e.g. CEH (Certified Ethical Hacker) and OSCP (Offensive Security Cert. Pro).
• Hands-on PCI and PA-DSS certification is a plus.
• Experience with vulnerabilities and authentication testing in retail, financial, and healthcare payment transaction processing software – advantage.
• Experience with E-Commerce payments integration/security issues – advantage.
• Soft skills - effective communication (internal, customer, legal counsel), collaboration (internal, external) and effective written skills (white papers, vulnerability specifications etc.).
• Active participation in cybersecurity forums/conventions, e.g. DEFCON, Black Hat. Public speaking is a plus.