Lead, Application Security Architect
Reference #: 18-00153
Title: Lead, Application Security Architect
Location: Abbott Park, IL
Position Type: Contract
Experience Level:
Start Date / End Date: 03/12/2018 / 09/11/2018
Primary Job Responsibilities:
The application security program is designed to ensure that any software developed or acquired meets standards while enabling rapid innovation to meet customers' ever-changing needs.
The Lead, Application Security Architect will be responsible for:
1. Integrating security tools, standards, and processes into the software development life cycle (SDLC).
2. Ensuring that developers and QA personnel are trained with the appropriate level of security knowledge to perform their daily activities.
3. Improving and supporting application security tool deployments including static analysis and runtime testing tools.
4. Improving and maintaining secure development standards and architecture patterns.
5. Supporting the incident response and architecture review processes whenever application security expertise is needed.
6. Integrating threat modeling practices into the software development life cycle (SDLC).
7. Providing security requirements for test-driven design.
8. Producing metrics reporting the state of application security programs and performance of development teams against requirements.
Successful candidates will be security evangelists who can translate security concepts into language that is meaningful to many audiences, including business and technical leaders and individual contributors. Candidates must be able to approach application security from the perspective of risk management and avoid purely academic thinking about software security. Demonstrable ability to influence decision-making processes at all levels of a large organization will be critical to success.
Candidates must have strong leadership skills and be effective managers of highly technical individuals.
Candidates must have excellent verbal and written communication skills, including experience speaking in public forums and writing/contributing to technical publications.
Candidates should be familiar with waterfall and agile development processes and have experience integrating secure development practices into both models.
The candidate should have familiarity with a variety of development and testing tools, including Client/Fortify SCA, IBM AppScan, and Client WebInspect.
Candidates must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to any audience, and discuss effective defensive techniques.
Familiarity with industry standards and regulations, including PCI, FFIEC, SOX, and ISO27001, is desired.
Education: Bachelor's degree or higher in Computer Science preferred. CSSLP
Job Status: Contract/Temporary