Application Security Engineer / Alpharetta, GA

Job Summary

The Security Architect will serve as the security technical lead on a domain of products. This individual will be part of a global security architecture team, which establishes, implements, and improves the application security of the products developed in the company.

Responsibilities 

• Work as the lead to design, implement and govern the overall security architecture of the products.

• Align the secure development lifecycle with industry standards, including Microsoft SDL, OWASP development guides, PCI standards and PII-related topics.

• Perform proof-of-concept and proof-of-technology testing for integrating new third-party security products into the development and deployment processes.

• Lead the implementation of proposed solutions while interfacing with Project Management and Product Management to ensure the coordination, communication and successful delivery of projects.

• Work with product management on budget assignments and backlog tracking.

• Assist the teams in auditing and configuring the security applications for dynamic security testing, static code analysis, automatic fuzz testing, etc.

• Develop and maintain security procedures and guidelines for the product.

• Manage relationships and interactions with human resources, legal, and internal audit departments.

 

Requirements 

• Bachelor’s Degree in Computer Science or related field. Equivalent work experience will be considered.

• Software engineering background of 4-7 years.

• Penetration testing and software security architecture background of 4-7 years.

• Current CISSP or similar certifications desirable, e.g. CEH (Certified Ethical Hacker) and OSCP (Offensive Security Certified Professional).

• Hands-on PCI and PA-DSS certification is a plus.

• Background in retail, financial and healthcare payment transaction processing software vulnerabilities and authentication testing – advantage.

• Experience with e-commerce payment integration/security issues – advantage.

• Soft skills: effective communication (internal, customer, legal counsel), collaboration (internal, external) and effective writing skills (white papers, vulnerability specifications, etc.).

• Active participation in cybersecurity forums/conventions, e.g. DEFCON, Black Hat. Public speaking is a plus.