Bachelor’s Degree in Computer Science or equivalent experience
Highly technical and analytical experience, with a proven deep background (five-plus years preferred in addition to cybersecurity) in software engineering.
5-7+ years experience in Software Development
5-7+ years experience in a Security Engineering role with a specific focus on Vulnerability Management and Secure Coding
Preference is for folks who worked with C# (Python and Java are fine but mainly use C# there)
Must be familiar with SAST tools (Veracode, Snyk, Checkmarx, etc.)
Experience with pentesting (Burp Suite, etc.)
Experience with bug tracking (Jira, etc.)
Job Description: The Product Security team is responsible for the code-level security of our products. We enhance product security via finding, fixing, and preventing security flaws across our family of products. On the Product Security Assurance teams, we build the tools and run the programs that eliminate security bugs in code. Beyond simply pointing out issues, we solve problems through close partnership with product and development teams. As such, we are looking for an Application Security Architect with strong technical & leadership skills, a background in product/application security, and a passion for solving complex product security challenges in a fast-moving agile environment. They should be comfortable working across the company and enjoy finding innovative ways to mitigate risk while protecting the data of more than five million users of our products.
What You'll Get To Do
Implement Cloud Platform and Application Security Blueprint and drive adoption of standardized methodologies, libraries, and tools
As a security SME, own identification and remediation of vulnerabilities within Platform and SaaS applications codebase, as well as 3rd party dependencies, with focus on maturing Application Security Engineering beyond OWASP Top Ten
Define secure coding practices and guidance, conduct security reviews, and drive down security-related technical debt
Conduct penetration testing using open source and commercial tools
Develop scripts and tooling to “shift-left” common security tasks enabling DevSecOps
Engage development teams in security feature reviews and threat modeling
Contribute to a secure/compliant cloud-native service catalog
Collaborate with engineering and operations teams to implement and automate security controls and processes for cloud-native security monitoring, tooling, and reporting
Foster a security-first culture by partnering with dev teams and platform engineers to balance key performance and security.
Lead continuous product and application security reviews.
Perform application security testing using SAST, DAST, IAST and RASP tools.
Combine automated and manual product and application testing methods.
Engage with internal and external teams performing vulnerability and penetration testing.
Document security findings, outline remediation options and oversee mitigation.
Focus on automation to aid in efficiencies with both testing and remediation of findings.
Collaborate with developers and product managers for continuous security validation.
Recommend controls where there are security gaps and track through to implementation and validation.
Regularly monitor the threat landscape and assess the potential impact to products.
Attend and participate in product meetings addressing security requirements for new and existing products.
Serve as the primary management point of contact for product cybersecurity requirements, initiatives and escalations.
Evaluate the existing product ecosystem and propose product changes to security leadership and engineering.
Leverage security standards and implementation configurations, as well as common security frameworks.
Uphold software bills of materials across products.
Attend internal and external education and training sessions, with a focus on product security principles.
Possess a general understanding of bug bounty programs and their management.
Align with architects and development teams for a mission of secure design.
Actively participate in security team meetings that facilitate secure product design.
Possess general knowledge of product security that meets compliance, privacy laws and regulatory requirements.
Focus on security process efficiencies, prioritizing advanced tasks to keep pace with product demand.
Collaborate with team members and align with security, audit and risk management leadership.
Perform other duties as assigned.
Skills and Experience we value:
Bachelor’s Degree in Computer Science or equivalent experience
Highly technical and analytical experience, with a proven deep background (five-plus years preferred in addition to cybersecurity) in software engineering.
7+ years experience in software development
7+ years experience in a Security Engineering role with a specific focus on vulnerability management and secure coding
What would make you really stand out:
One of the security certifications, such as CISSP, GSEC, Azure Architect and/or Azure Security Engineer/Technologies preferred
Background in automated program analysis
Experience with .NET and C#
DevOps experience with infrastructure, cloud and application pipelines
Experience running operational teams
Experience in Threat Modeling using STRIDE, PASTA, or similar
Experience with open-source (e.g. Kali Linux) and commercial penetration testing tools
Expertise in identifying and remediating OWASP Top Ten vulnerabilities and beyond
Expertise with Azure security services as well as Docker/Kubernetes
Minimum 1 year of experience with active compliant environments, e.g., PCI-DSS, HITRUST, FedRAMP, ISO 27001, or similarly regulated industries.
Experience with SAST, DAST, IAST and RASP.
Five-plus years of experience with public cloud providers (AWS, Azure, GCP).
Experience with container security, such as Docker and Kubernetes.
Knowledge of CI/CD platforms, such as Jenkins and CircleCI.
Experience building prototypes of tools and exploits, as well as conducting vulnerability and penetration tests.
Proficiency in software development (.NET, Java, Rust, Golang, Python, C++, Ruby, etc.).
Experience with security requirements for APIs
This Is a Great Opportunity With a First-class Company
Application Security Architect
RED SKY Career Opportunities at: redskyconsulting.co/career-portal
RED SKY Consulting Candidate and Client Referral Program! 2500
Do you know other IT professionals? Turn those relationships into money and help friends get work. RED SKY Consulting is offering a fantastic opportunity for you to earn extra money. If you refer to us a manager of people or skilled professionals, we will link your name to that person for 18 months. If we employ or place that individual or place people into that company through that manager
RED SKY Consulting Company Overview
We are an IT and Cybersecurity staffing solutions, professional services, management consulting, and executive placement company with thousands of resources across multiple IT and Cybersecurity skill sets. Our primary US locations are Chicago, New York, Los Angeles, Atlanta, Nashville, Tampa and Denver, and we have organizational arms in other domestic cities along with offshore alliances in India and Ireland. RED SKY has a 15+ year history of providing great technology talent. RED SKY has many clients, including 7 of the Fortune 10, half of the Fortune 100, and 25% of the Fortune 500 companies, with the manufacturing, financial services, health care, government, consumer services, insurance, and several other industry verticals represented.
The RED SKY Foundation is being formed and will be providing fully funded college educations to underprivileged young adults in partnership with our clients starting 2022.
Keys: Application Security, Architecture, Software Development, SAST, Pentest, C#
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Information Technology
Industries
IT Services and IT Consulting