Application Security Architect Job Description
Application Security Architect Duties & Responsibilities
To write an effective application security architect job description, begin by listing detailed duties, responsibilities and expectations. We have included application security architect job description templates that you can modify and use.
Sample responsibilities for this position include:
Application Security Architect Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Application Security Architect
List any licenses or certifications required by the position: CISSP, CSSLP, PCI, CISM, OCSP, CRISC, CGFM, CPA, CIA, CISA
Education for Application Security Architect
Typically a job would require a certain level of education.
Employers hiring for the application security architect job most commonly prefer that their future employee have a relevant degree, such as a Bachelor's and Master's Degree in Computer Science, Engineering, Information Technology, Technical, Information Systems, Information Security, Education, Computer Engineering, Business, Technology.
Skills for Application Security Architect
Desired skills for application security architect include:
Desired experience for application security architect includes:
Application Security Architect Examples
Application Security Architect Job Description
- Ensures web applications, APIs, and cloud services are planned, designed, developed, implemented and monitored in accordance with security policies and to meet compliance requirements
- Define strategies to implement the enterprise architecture design into the Financial Services applications
- Act as a key liaison between upper-level management, programmers, risk assessment staff and auditors
- Test final security structures and services to ensure they behave as expected
- Provide technical supervision for (and/or guidance to) a security team
- Champion secure development practices and lead implementation of fixing security issues
- Develop and manage an Application Security Program
- Helping define security standards for a growing global company with over 18,000 global employees
- We believe that folks with great attitudes and a hunger to learn are more valuable than having all the latest certifications
- Assess PeopleSoft, OIAM, OBIEE
- Identify gaps in current standards and services and negotiate enterprise vs
- Manage multiple assignments simultaneously, while working independently and with other designers and subject matter experts
- Review and present solutions to the Engineering Board representing the Line of Business
- Work with vendors to develop proofs of concept and develop solutions from conception to implementation
- Solid understanding of the major global regulators and regulatory, legislative and legal requirements (MAS, FINMA, OCC)
- Expert understanding of current industry and risk technology trends
Application Security Architect Job Description
- Work with a small project team as a hands-on leader
- The Architect also develops methodology and best practices with the national Infrastructure and Operations (I&O) practice team, and actively leads and participates in I&O business development opportunities
- Contribute to business development process at an existing client, emerging technology
- Promote thought leadership in emerging technologies
- Conduct vulnerability testing for systems, networks, and applications
- Become an expert and gain real-life experience in information security
- Wide range of opportunities for personal development and professional experience
- Be part of an organization with many experienced professionals in the area of IT security
- Document necessary security controls/requirements that should be in place
- Mentors and develops security staff, business and IT staff in adopting security techniques and security standards
- BS in Computer Science or equivalent, 7 plus years’ experience in security operations and architecture
- The ability to manage and interact in a matrixed organization is essential
- Experience with programming languages such as Java, JavaScript, Visual Basic, Visual C++, C, COBOL, Python, Perl
- Thorough understanding of security risk assessment and/or penetration testing concepts
- Direct experience with secure application development, application security risk mitigation techniques
- Effective communicator, capable of effectively translating and presenting complex technical concepts to both technical and non-technical management and customers, through oral presentations and written media (white papers and demonstrations)
Application Security Architect Job Description
- Work closely with Global Information Security Officer to ensure alignment between engineering and information security
- Define the Secure Development Lifecycle (SDLC) standards for the organization and work with the product architects to ensure that the engineering teams are following the standards
- Participate in application security architectural reviews with each product team
- Develop secure coding training and education
- Evaluate new and emerging frameworks and technologies from an application development security perspective
- The Architect also develops methodology and best practices with the national Security and Infrastructure (S&I) practice team, and actively leads and participates in S&I business development opportunities
- Application layer design security documents including reference architectures and design blueprints
- Lead the Threat Modeling program by performing security architecture / application reviews of products and applications
- Create security use, misuse and abuse cases for products and applications, to help create test plans to ensure adequate protection against threats
- Define and implement KPIs to effectively measure the program
- Knowledge of various platform technologies including internet, network, distributed systems, desktop computing, voice, and threat management technologies
- Experienced with enterprise security controls including malware protection, firewalls, intrusion detection systems, content filtering, internet proxies, encryption controls, and log management solutions
- Strong understanding of attacker methods, kill chain disruption
- 5+ years of experience in an information security
- A strong understanding of cloud (preferably Azure), big data technologies and internet
- Experience managing the security of an application on a cloud platform such as Azure
Application Security Architect Job Description
- Assist project teams in implementing security measures to meet corporate policies and external regulations
- Mentor other Security Analysts in performing threat modeling and risk assessments
- Provide technical expertise and resolution for Threat Modeling and Risk Assessments
- Establish a strategic security architecture vision, including standards and frameworks that are aligned with overall business and IT strategies, and the enterprise architecture
- Provides project consulting, evaluating proposed solutions including vendor products for information security risks and recommending alternative solutions or compensating controls
- Integrates security into the development process
- Develops and delivers training around secure development lifecycle and secure coding practices
- Participates in the development of information security strategies, roadmaps, policies and standards
- Leads the design, configuration and integration of enterprise security solutions
- Reviews existing architecture, identifying design gaps, and recommends security enhancements
- Experience implementing, managing or governing security technologies, including encryption, mobile application security, network security, intrusion detection and digital forensics
- Experience developing security domain architectures and standards
- Experience in assessing security risks
- Direct management of cross-functional, sourced, or matrixed teams
- Security certifications (CISSP, GISP, GSEC, CEH)
- Experience with application security component development
Application Security Architect Job Description
- Participates in solution architecture design
- Achieves security architecture compliance on relevant regulatory requirements including Sarbanes-Oxley, PCI-DSS, HIPAA/HITECH, and data privacy requirements when applicable
- Serves as information security subject matter expert
- Understands current emerging security threats and designs security architecture to mitigate threats where possible
- Stays abreast of new security technologies and integrates into security architecture designs when appropriate
- Troubleshoots and assists with investigation and resolution of application security incidents
- Assists in determining security requirements by evaluating business strategies and requirements
- Participates in the plan and design of security systems by evaluating and applying world class application security frameworks and technologies
- Implements security systems by specifying intrusion detection methodologies and software
- Upgrades security systems by monitoring security environment
- Experience with Azure and/or Cloudera
- Support internal customers with applying security during software development in existing solutions
- Security certifications are desirable, CISSP, CSSLP, CEH
- Retail, financial, healthcare payment transaction processing software vulnerabilities and authentication testing
- Experience with providing application security for financial institutions
- Soft skills - effective communication (internal, customer, legal counsel), collaboration (internal, external) and effective written skills (white papers, vulnerability specifications)