Application Security Architect

Wex, Inc. is looking for an Application Security Architect with broad software development and application security experience. This individual would be responsible for designing, guiding, and assessing security solutions in software projects to ensure that security is built in from the beginning. With the assistance of tools including SAST, DAST and SCA, perform assessments of software projects to identify security issues and guide teams to effective remediations. We’re the Global Product Security Team at WEX, responsible for enabling a modern and effective Secure Software Development Lifecycle throughout WEX. We partner closely with internal teams and customers to assure WEX operates in a secure and compliant manner. Our team holds itself to a high-standard and we collaborate closely with one another to ensure strong, reliable and effective relationships. We own our results and we take pride of ownership in everything we do. Culturally, you’re: A highly motivated security architect who loves working on small, high performing teams that interface with the entire enterprise A collaborative, solid communicator who works well with your team and stakeholders to drive projects from inception to completion Someone who cares deeply for team results but is able to work independently to deliver high quality solutions for projects and operational tasks Comfortable balancing the need to move fast with the realities of working in a highly regulated organization Passionate about security, but pragmatic about delivering business value Customer focused - whether it’s internal teams that we’re supporting or the WEX partner, you prioritize ensuring they have a great experience with WEX and our team A skilled worker that has the motivation, expertise, and work ethic to operate independently across global time zones, and who is able to complete tasks and deliverables with minimal oversight A leader who builds consensus and drives change through buy-in and education rather than mandates Work closely with development teams on securing Wex's applications Able to mentor other engineers & architects on your team and other teams both technically and professionally Champion of a shift-left and DevSecOps approach to security, but tenacious enough to build such a program from the ground up A lifelong learner that is excited by new technologies and challenges Technically, you: Are a Subject Matter Expert in software development and software security, particularly with web applications, APIs, mobile apps and enterprise applications delivered in a SaaS model. Perform manual and automated secure code reviews, assisted with commercial static and dynamic application security scanning tools (SAST, DAST, SCA, etc) Do web application and mobile app penetration testing Deliver actionable security guidance to project teams Analyzes security assessments and effectively communicates requirements to appropriate software development, network and configuration management teams; Actively participates in Security Development Lifecycle efforts such as performing secure architecture reviews, secure code reviews, threat models and penetration testing through the software development lifecycle; Keeps abreast of security industry best practices and OWASP recommendations utilizing knowledge to contribute to remediation efforts across the platform, as well as security policies and procedures; Identifies and partners with security champions in the development organization to scale security expertise and awareness. Write comprehensive reports including assessment-based findings, outcomes and recommendations for security enhancement. Deep experience working with compliance and regulatory frameworks such as PCI-DSS, HIPAA/HITRUST, SOX, GDPR, NIST, etc.