Ref ID: 01020-9502970798
Classification: Application Developer
Compensation: DOE
Primary Function: The Application Security Architect is a position of technical expertise, influence, and leadership within the Information Security team. The Application Security Architect is a deeply technical Security Expert helping to guide Protiviti’s client and its development organizations to develop sound security development practices. The incumbent will lead efforts to establish and improve secure SDLC activities and identify tools to integrate into the Agile development process to aid in evaluating the security of the applications. When appropriate, the incumbent will perform manual security testing of application components, such as APIs, to ensure they are hardened against exploitation. When security flaws/vulnerabilities are identified, the Application Security Architect will follow the established processes to document, track, and work with development teams to ensure remediation. Responsibilities include leading efforts to create an appropriate application security testing plan based on features and changes scoped-in for new updates (releases) for the applications.
Protiviti’s client rewards eligible employees with a comprehensive and competitive benefits package that includes medical, dental, vision, 401k match of 5%, and generous paid time off. We also offer a casual dress policy that allows for jeans to be worn daily, onsite discounted chair massages, and contribution towards a gym membership.
Essential duties to be performed with or without reasonable accommodation:
• Help lead the Secure DevOps application security program at Protiviti’s client by building, executing, and documenting a Secure Software Development Lifecycle
• Utilization and maintenance of SAST/DAST tools including upgrades, reconfigurations, knowledge of vulnerabilities and experience integrating with build servers, bug tracking and ticketing solutions
• Application security insight and implementation of best practices regarding security in software development, IoT platform, mobile application, user interface design frameworks, high performance messaging solutions and cloud-based solutions
• Demonstrate subject matter expertise (SME) in securing both web and mobile applications against common issues (including OWASP Top 10), to include:
  o Knowledge of Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) and remediation recommendations
  o Familiarity with vulnerabilities and attack methods, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), SQL Injection (SQLi), etc. and how to identify, trace and remediate these vulnerabilities
• Determine security requirements based on business needs, knowing information security standards, conducting system security and vulnerability analyses and risk assessments, studying architecture/platform, identifying integration issues, and preparing cost estimates
• Work with corporate security governance team to comply with internal SLA and policies
• Research security technologies and maintain knowledge of current and emerging technologies / products / trends related to security architectural solutions.
Adhere to and ensure compliance of all business transactions with policy and process of the Bank Secrecy Act. Ensure compliance with all applicable state and federal laws, company procedures, and policies. Maintain integrity and ethics in all actions and conversations with or regarding credit union members and their accounts; comply with Privacy Act directives.
Suggested training and experience:
• Bachelor's degree from an accredited College or equivalent combination of education and experience
• 5-7+ years in application security (prefer 1-2+ prior years in development)
• Advanced written and oral communications skills with the ability to give a program overview to senior level leadership and clients
• Able to build and manage a detail-oriented development and training program for Application Security Engineers and Architects
• Technical knowledge and experience performing code reviews / reviewing results of static analysis tools (preferred)
• Foundational knowledge of NIST 800-53 and the NIST Cyber Security Framework (CSF)
• Experience building out and operating a Secure DevOps program
• Experience working with common commercially available and Open-Source Dynamic and Static Application Security Testing solutions
• Extensive enterprise development experience in Java and/or .NET languages (preferred)
• Proven understanding of enterprise architectures and best practices for high-volume, high-availability web / mobile apps
• Certified in at least one or more of the following certifications: GCIH, GPEN, OSCP, GREM, CISSP, CISA, CISM or other Incident response certifications
• Ability to travel (less than 20%)
Robert Half Technology matches IT professionals with remote or on-site jobs on a temporary, project or full-time basis. From roles in software and applications to IT infrastructure and operations, we provide you unparalleled access to exciting career opportunities.
Our experienced staffing professionals can promote you to employers and advocate on your behalf. We provide access to top jobs, competitive compensation and benefits, and free online training. For more opportunities, get the Robert Half app and receive instant notifications when our AI matches you with jobs.
When you work with us, you’re working with the best. Robert Half has been recognized as one of FORTUNE’s “Most Admired Companies” every year since 1998 and was named to Forbes’ inaugural list of America’s Best Temporary Staffing Firms.
Questions? Call your local office at 1.888.490.4429. All applicants applying for U.S. job openings must be authorized to work in the United States. Benefits are available to temporary professionals. Visit [ Link removed ] for more information.
© 2020 Robert Half Technology. An Equal Opportunity Employer. M/F/Disability/Veterans. By clicking “Apply Now,” you’re agreeing to Robert Half’s Terms of Use (www.roberthalf.com/terms-of-use).
Recommended Skills
Incident Response
Information Security
Application Security
Vulnerability
Giac Certified Incident Handler
Microsoft Antivirus