Shift Left Security - Jersey City, NJ


Job Details

Shift Left Security Architect
Location: Jersey City, NJ or Whitehouse Station, NJ - Hybrid - 3 days onsite, 2 days WFH
Duration: 6 months+ CTH

Job Description:
We are looking for an Application Security specialist with 10+ years of extensive experience & knowledge in developing security solutions & providing governance for both cloud and on-premise applications.

The individual will possess a strong understanding of application technology stack, development methodologies and secure development controls. He will also possess a keen eye for detail and be able to identify security issues in application architecture.

Essential Functions
Work with Enterprise Architecture teams to conduct application design reviews. Identify threats and potential security issues and help the teams with practical secure control recommendations
Develop security metrics & measurement capability to demonstrate application security and SDLC security activities
Act as a trusted security consultant across the global enterprise
Provide technical security leadership to app dev architects and software developers for secure software development using both agile and traditional waterfall methodologies
Stay current with attacks, industry trends and threat mitigation measures in the application security space
Communicate project-related security risks and countermeasures to relevant parties in a timely and accurate manner
Seek innovation and creativity in security solutions
Required Skills/Experience
Expert level knowledge in SAST, DAST, IAST, RASP, WAF and related technologies
In-depth knowledge of OWASP Top 10, SANS CWE Top 25 and other application-level risks and attacks
In-depth knowledge of Secure Design Review and Threat Modeling methodologies
Experience in HTML, Java, JavaScript, and .Net, and scripting languages like Python, C Shell, Perl etc.
Experience with Web Services security (REST, SOAP, XML, etc.)
Experience with scripting languages such as Python, C Shell, Perl etc.
Experience with API gateways and authentication protocols such as OAuth, OpenID Connect and SAML
Familiarity with Cloud security controls for SaaS, IaaS, and PaaS
Familiarity with static code analysis tools like IBM Appscan, Client Fortify, & Veracode.
Familiarity with container technologies such as Docker, Kubernetes.
Familiarity with DevOps processes & principles.
Strong written and oral communication skills.





 Georgia IT

 06/01/2024

 Jersey City, NJ