Job Description

Reference # : 18-00153Title : Lead, Application Security Architect
Location : Abbott Park, IL
Position Type : Contract
Experience Level : Start Date / End Date : 03/12/2018 / 09/11/2018
Description
Title: Lead, Application Security Architect
Primary Job Responsibilities:
The application security program is designed to ensure that any software developed or acquired meets standards while enabling rapid innovation to meet customers' everchanging needs.
The Lead, Application Security Architect will be responsible for:
1. Integrating security tools, standards, and processes into the software development life cycle (SDLC).
2. Ensuring that developers and QA personnel are trained with the appropriate level of security knowledge to perform their daily activities.
3. Improving and supporting application security tool deployments including static analysis and runtime testing tools.
4. Improving and maintaining secure development standards and architecture patterns.
5. Supporting the incident response and architecture review processes whenever application security expertise is needed.
6. Integrating threat modeling practices into the software development life cycle (SDLC).
7. Providing security requirements for test?driven design.
8. Producing metrics reporting the state of application security programs and performance of development teams against requirements.
Job Requirements
Successful candidates will be security evangelists who can translate security concepts into language that is meaningful to many audiences, including business and technical leaders and individual contributors. Candidates must be able to approach application security from the perspective of risk management and avoid purely academic thinking about software security. Demonstrable ability to influence decision?making processes at all levels of a large organization will be critical to success.
Candidates must have strong leadership skills and be effective managers of highly technical individuals.
Candidates must have excellent verbal and written communication skills, including experience speaking in public forums and writing/contributing to technical publications.
Candidates should be familiar with waterfall and agile development processes and have experience integrating secure development practices into both models.
The candidate should have familiarity with a variety of development and testing tools, including: Client/Fortify SCA, IBM AppScan, and Client WebInspect
Candidates must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to any audience, and discuss effective defensive techniques.
Candidates must have familiarity with industry standards and regulations including PCI, FFIEC, SOX, and ISO27001 is desired.
Experience writing and testing web applications and web services such as the following programming languages: C/C++, Java, and JavaScript.

Education Bachelors degree or higher in Computer Science preferred. CSSLP

Application Instructions

Please click on the link below to apply for this position. A new window will open and direct you to apply at our corporate careers page. We look forward to hearing from you!

Apply Online