Application Security Architect

About The Position

Requirements

• Bachelor’s degree in computer science, Information Security, or a related field preferred.
• 5+ years of experience in IT and application architecture and security technologies
• Familiarity with security standards and frameworks such as NIST, CIS, GDPR, MITRE ATT&CK, etc.
• Experience with performing architecture reviews to steer projects in the right direction early, lead security reviews, and develop security ownership
• Experience with application scanning tools (i.e. Snyk, Rapid7, Checkmarx, SonarQube ) implementation and integration with CI/CD pipeline
• Good understanding of Threat and Vulnerability Management, SIEM, EDR, DMARC, DKIM, DLP, and PKI
• Knowledge of cyber risk quantification methodologies
• Ability to collaborate with experienced and innovative leaders who share a clear vision and a track record of success
• The ideal candidate will have hands on experience and a good understanding of security in data centers and in the cloud across networked infrastructure, application, and data

Nice To Haves

• Security related certifications preferred

Responsibilities

• Lead security architecture direction for solutions as well as influence peers, cross functional partners, and IT leadership
• Consult and lead the design of security best practices and implementation of solid security principles across the organization, to meet business goals along with customer and regulatory requirements
• Review solution design for compliance to Information Security Standards
• Design, build and implement enterprise-class security systems for cloud and on-prem production environments
• Ensure the organization implements a security architecture that enables Rotary to grow but also keeps infrastructure and customer data secure
• Design, implement and maintain application security architecture framework
• Review application architecture diagrams, data flow diagrams, and network diagrams and advise on non-compliance issues
• Perform and document threat modeling and reviews
• Supporting the security awareness program by providing documented examples and training sessions to developers and engineers
• Coordinate with application teams to implement application security monitoring
• Refine our Security efforts in further defining our processes, procedures, and controls for cloud-based tolerant systems that require stringent data security
• Effectively communicate security risk to various audience levels
• Provides security requirements and recommendations on solution design to technical and business teams
• This is a position of critical importance; it involves close coordination with key members of Technology Services and Product teams

Benefits

• Generous medical, dental, and vision benefits package
• Progressive 401k matching contributions
• Above market and generous paid time off package
• Tuition reimbursement
• Professional development opportunities
• On-site cafeteria and coffee bar with special pricing for Rotary employees
• Flextime-several different work schedules to choose from