RED SKY Consulting hiring Application Security Architect in Minneapolis, Minnesota, United States | LinkedIn (2024)

Job Title: Application Security Architect

Location: Remote within US or Canada

Type: Direct Hire

Bottom Line / In a Nutshell

• Bachelor’s Degree in Computer Science or equivalent experience
• Highly technical and analytical experience, with a proven deep background (five-plus years preferred in addition to cybersecurity) in software engineering.
• 5-7+ years experience in Software Development
• 5-7+ years experience in a Security Engineering role with a specific focus on Vulnerability Management and Secure Coding
• Preference is for folks who worked with C# (Python and Java are fine but mainly use C# there)
• Must be familiar with SAST tools (Veracode, Snyk, Checkmarx, etc.)
• Experience with Pentesting (Burpsuite, etc.)
• Experience with bug tracking (Jira, etc.)

Job Description: The Product Security team is responsible for the code-level security of our products. We enhance product security via finding, fixing, and preventing security flaws across our family of products. On the Product Security Assurance teams, we build the tools and run the programs that eliminate security bugs in code. Beyond simply pointing out issues, we solve problems through close partnership with product and development teams. As such, we are looking for a Application Security Architect with strong technical & leadership skills, a background in product/application security, and a passion for solving complex product security challenges in a fast-moving agile environment. They should be comfortable working across the company and enjoy finding innovative ways to mitigate risk while protecting the data of more than five million users of our products.

What You'll Get To Do

• Implement Cloud Platform and Application Security Blueprint and drive adoption of standardized methodologies, libraries, and tools
• As a security SME, own identification and remediation of vulnerabilities within Platform and SaaS applications codebase, as well as 3rd party dependencies, with focus on maturing Application Security Engineering beyond OWASP Top Ten
• Define secure coding practices and guidance, conduct security reviews, and drive down security-related technical debt
• Conduct penetration testing using open source and commercial tools
• Develop scripts and tooling to “shift-left” common security tasks enabling DevSecOps
• Engage development teams in security feature reviews and threat modeling
• Contribute to a secure/compliant cloud-native service catalog
• Collaborate with engineering and operations teams to implement and automate security controls and processes cloud-native security monitoring, tooling, and reporting
• Foster a security-first culture by partnering with dev teams and platform engineers to balance key performance and security.
• Lead continuous product and application security reviews.
• Perform application security testing using SAST, DAST, IAST and RASP tools.
• Combine automated and manual product and application testing methods.
• Engage with internal and external teams performing vulnerability and penetration testing.
• Document security findings, outline remediation options and oversee mitigation.
• Focus on automation to aid in efficiencies with both testing and remediation of findings.
• Collaborate with developers and product managers for continuous security validation.
• Recommend controls where there are security gaps and track through to implementation and validation.
• Regularly monitor the threat landscape and assess the potential impact to products.
• Attend and participate in product meetings addressing security requirements for new and existing products.
• Serve as the primary management point of contact for product cybersecurity requirements, initiatives and escalations.
• Evaluate the existing product ecosystem and propose product changes to security leadership and engineering.
• Leverage security standards and implementation configurations, as well as common security frameworks.
• Uphold software bills of materials across products.
• Attend internal and external education and training sessions, with a focus on product security principles.
• Possess a general understanding of bug bounty programs and their management.
• Align with architects and development teams for a mission of secure design.
• Actively participate in security team meetings that facilitate secure product design.
• Possess general knowledge of product security that meets compliance, privacy laws and regulatory requirements.
• Focus on security process efficiencies, prioritizing advanced tasks to keep pace with product demand.
• Collaborate with team members and align with security, audit and risk management leadership.
• Perform other duties as assigned.

Skills and Experience we value:

• Bachelor’s Degree in Computer Science or equivalent experience
• Highly technical and analytical experience, with a proven deep background (five-plus years preferred in addition to cybersecurity) in software engineering.
• 7+ years experience in software development
• 7+ years experience in a Security Engineering role with a specific focus on vulnerability management and secure coding

What would make you really stand out:

• One of the security certifications, such as CISSP, GSEC, Azure Architect and/or Azure Security Engineer/Technologies preferred
• Background in automated program analysis
• Experience with .NET and C#
• DevOps experience with infrastructure, cloud and application pipelines
• Experience running operational teams
• Experience in Threat Modeling using STRIDE, PASTA, or similar
• Experience with open-source (e.g. Kali Linux) and commercial penetration testing tools
• Expertise in identifying and remediating OWASP Top Ten vulnerabilities and beyond
• Expertise with Azure security services as well as Docker/Kubernetes
• Minimum 1 year of experience with active compliant environments, eg PCI-DSS, HITRUST, FEDRAMP, ISO 27001, or similarly regulated industries.
• Experience with SAST, DAST, IAST and RASP.
• Five-plus years of experience with public cloud providers (AWS, Azure, GCP).
• Experience with container security, such as Docker and Kubernetes.
• Knowledge of CI/CD platforms, such as Jenkins and CircleCI.
• Experience building prototypes of tools and exploits, as well as conducting vulnerability and penetration tests.
• Proficiency in software development (.NET, Java, Rust, Golang, Python, C++, Ruby, etc.).
• Experience with security requirements for APIs

This Is a Great Opportunity With a First-class CompanyApplication Security Architect RED SKY Career Opportunities at: redskyconsulting.co/career-portalApplication Security Architect RED SKY Consulting Candidate and Client Referral Program!2500Do you know other IT professionals?Turn those relationships into Money & help friends get workRED SKY Consulting is offering a fantastic opportunity for you to earn extra money. If you refer to us a Manager of people or skilled professionals, we will link your name to that person for 18 months.If we employ or place that individual or place people into that company thru that managerApplication Security Architect RED SKY Consulting Company OverviewWe are an IT and Cybersecurity staffing solutions, professional services, management consulting, and executive placement company with thousands of resources across multiple IT and Cybersecurity skill sets. Our primary US locations are Chicago, New York, Los Angeles, Atlanta, Nashville, Tampa and Denver and we have organizational arms in other domestic cities along with offshore alliances in India and Ireland. RED SKY has a 15+ year history of providing great technology talent. RED SKY has many clients including; 7 of the Fortune 10, half of the Fortune 100, and 25% of the Fortune 500 companies within the manufacturing, financial services, health care, government, consumer services, insurance, and several other industry verticals represented.The RED SKY Foundation is being formed and will be providing fully funded college educations to underprivileged young adults in partnership with our clients starting 2022.Keys: Application Security, Architecture, Software Development, SAST, Pentest, C#, Application Security, Architecture, Software Development, SAST, Pentest, C#, Application Security, Architecture, Software Development, SAST, Pentest, C#XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX