Lead Application Security Architect

As a Lead Application Security Architect, you will spearhead the implementation and/or assurance of robust security measures, ensuring the integrity of our clients application and cloud environments. Your expertise in platforms, SDL, DevSecOps, and secure coding practices will be pivotal in safeguarding these digital assets.

The CPX architecture team within the Cyber Solutions and Delivery business unit is concerned with envisioning, designing and overseeing large cyber security related projects. An opening currently exists for a Lead Application Security Architect.

Key Responsibilities:

• Collaborate with IT and business stakeholders to align software application security with corporate and regulatory requirements.
• Establish programs to ensure continuous delivery of secure services over the life of managed platforms.
• Conduct threat modeling and security risk assessments, advocating for necessary security enhancements.
• Lead the integration of application-level security controls, adhering to standards such as OWASP, NIST etc.

Skills Required:

• Extensive knowledge of application security, API Security, Secure CI/CD pipeline, Microservices architecture, DevSecOps tooling including AST, SCA, container runtime, and IaC.
• Proficient in secure coding practices, cloud security, data privacy, network protocols, and network security.
• Proven experience in performing security assessments in diverse development environments.
• Candidates must be able to demonstrate in-depth knowledge of security frameworks, standards as well as security controls and technologies.
• Hand-on experience developing secure code, scripting and automation.
• Strong consulting and communication (both oral and written) skills and the ability to work in a team environment is a must.
• Ten years+ of progressive experience in consulting and design of ICT and security solutions in complex or sensitive environments.

Certification Requirements:

• A degree in Computer Science or a related field is required.
• Professional Certifications: Cloud Administration/Security (Azure/AWS), Kubernetes (CKAD/CKA/CKS), CISM, CISSP, CCSP (highly desirable); ISC2, EC-Council, TOGAF Foundation, SABSA, SANS Certifications, CEH (preferred).