Lead Security Architect
Posted 3 days ago by 1762334097
Negotiable
Outside
Remote
USA
Summary: The Lead Security Architect role involves overseeing security vulnerabilities across applications, networks, and platforms, while effectively communicating these risks to developers. The position requires conducting security assessments and reviewing technical designs to identify weaknesses. Candidates should possess extensive knowledge of cloud services and security domains, along with a background in programming and application architecture. This role is primarily remote, allowing for flexibility in work arrangements.
Key Responsibilities:
- In-depth knowledge of application, network, and platform security vulnerabilities; ability to explain these vulnerabilities to developers.
- Conducting Information Security, IT Security, and Audit assessments; presenting outcomes and obtaining buy-in.
- Reviewing technical designs and functional requirements to identify areas of security weakness.
- Knowledge of Cloud Service Providers (AWS/Google/Azure), DevOps, and CI/CD.
- Working experience in at least three application/network security domains such as authentication, identity management, data protection, app security, and cryptography.
- Prior experience administering systems for version control, issue tracking, continuous integration, or release management.
- Knowledge of standard network models and risks at each layer, including functions of network equipment.
- Working knowledge of primary operating systems and their security risks at an enterprise scale.
- Experience with testing tools such as Veracode, Fortify, OunceLabs, AppScan, WebInspect, or Burp.
- Background in programming, design, and application architecture; experience implementing complex applications in an enterprise environment.
- Knowledge of programming and scripting languages such as Java, JavaScript, C#, C/C++, Perl, Python, Ruby.
- In-depth knowledge of web technologies including web browsers, web servers, and web services.
Key Skills:
- In-depth knowledge of application, network, and platform security vulnerabilities.
- Experience in conducting Information Security, IT Security, and Audit assessments.
- Strong focus on reviewing technical designs and functional requirements.
- Knowledge of Cloud Service Providers (AWS/Google/Azure), DevOps, and CI/CD.
- Experience in at least three application/network security domains.
- Prior experience with version control, issue tracking, continuous integration, or release management.
- Knowledge of standard network models and network equipment functions.
- Working knowledge of primary operating systems and their security risks.
- Experience with testing tools such as Veracode, Fortify, OunceLabs, AppScan, WebInspect, or Burp.
- Background in programming, design, and application architecture.
- Knowledge of programming and scripting languages.
- In-depth knowledge of web technologies.
Salary (Rate): undetermined
City: undetermined
Country: USA
Working Arrangements: remote
IR35 Status: outside IR35
Seniority Level: undetermined
Industry: IT
Detailed Description From Employer:
Lead Security Architect
Location: US Remote
Required
a. Authentication: SAML, SiteMinder, Kerberos, OpenId
b. Entitlements and identity management
c. Data protection, data leakage prevention and secure data transfer and storage
d. App Security - validation checking, software attack methodologies.
e. Cryptography - encryption and hashing
6. Desired - Prior experience administering systems for version control (Bitbucket, Github), issue tracking (Jira), continuous integration (Jenkins, Github Actions), or release management.
7. Required - Knowledge of standard network model and the risks that present at each layer, the functions of network equipment such as switches, routers, firewalls, proxies, VPNs, and load-balancers, and understanding of common network architectures.
8. Required - The candidate must have working knowledge of the primary operating systems (Unix, Windows, z/OS, Mac OS), the configuration and management of that platform at an enterprise scale, the security risks to that platform, and how to mitigate those risks.
9. Desired - experience in testing tools, at least one of Veracode, Fortify, OunceLabs, AppScan, WebInspect, Burp
Development Experience
1.Even though the SecDesign Integrator role is not a development role, the candidate must have previous background in programming, design, and application architecture.
2. In order to be a practical SecDesign Integrator the candidate must have experience implementing complex applications in an enterprise environment.
3. working knowledge of programming and scripting languages: Java, JavaScript, C#, C/C++, Perl, Python, Ruby
4. In-depth knowledge of web technologies such as Web Browsers, Web Servers, Web Services
Location: US Remote
Job Description
Required
- In depth knowledge of application, network, and platform security vulnerabilities. Ability to explain these vulnerabilities to developers.
- Experience in conducting Information Security, IT Security, Audit assessments. Presenting the outcomes of the assessment and obtaining buy in.
- Strong focus on reviewing technical designs and functional requirements to identify areas of Security weakness.
- Knowledge of Cloud Service Providers (AWS/Google/Azure) cloud, DevOps and CI/CD
a. Authentication: SAML, SiteMinder, Kerberos, OpenId
b. Entitlements and identity management
c. Data protection, data leakage prevention and secure data transfer and storage
d. App Security - validation checking, software attack methodologies.
e. Cryptography - encryption and hashing
6. Desired - Prior experience administering systems for version control (Bitbucket, Github), issue tracking (Jira), continuous integration (Jenkins, Github Actions), or release management.
7. Required - Knowledge of standard network model and the risks that present at each layer, the functions of network equipment such as switches, routers, firewalls, proxies, VPNs, and load-balancers, and understanding of common network architectures.
8. Required - The candidate must have working knowledge of the primary operating systems (Unix, Windows, z/OS, Mac OS), the configuration and management of that platform at an enterprise scale, the security risks to that platform, and how to mitigate those risks.
9. Desired - experience in testing tools, at least one of Veracode, Fortify, OunceLabs, AppScan, WebInspect, Burp
Development Experience
1.Even though the SecDesign Integrator role is not a development role, the candidate must have previous background in programming, design, and application architecture.
2. In order to be a practical SecDesign Integrator the candidate must have experience implementing complex applications in an enterprise environment.
3. working knowledge of programming and scripting languages: Java, JavaScript, C#, C/C++, Perl, Python, Ruby
4. In-depth knowledge of web technologies such as Web Browsers, Web Servers, Web Services