Sr. Application Security Architect

HEALTHSTREAM INC | Nashville, TN
1d | $152,171 - $165,000 | Remote

About The Position

The Senior Application Security Architect is responsible for leading and overseeing the comprehensive application security program at an organizational level. This role requires expertise in designing, implementing, and continuously improving secure development practices within application frameworks. The Senior Application Security Architect will partner with multiple teams, including DevOps, Engineering, and Architecture, to ensure the integration of security principles into all stages of the software development lifecycle. This position will also focus on formalizing security strategies, ensuring scalability, and enhancing organizational resilience against security threats.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, or a related field.
  • Minimum of 10 years of experience in application development, information security, and web application security.
  • Extensive experience in application security testing and penetration testing across various platforms.
  • Proficiency in implementing and managing security testing tools (SAST, DAST, IAST) and integrating them into DevSecOps pipelines.
  • Programming expertise in languages such as JavaScript, React, Java, Python, Go, or C/C++.
  • Hands-on experience with securing cloud-based solutions (AWS, Azure).
  • Strong understanding of OWASP principles and secure software development practices.
  • Experience in Agile and CI/CD pipeline development, with a focus on integrating security into the process.
  • Experience securing APIs
  • Proficient in secure application design on a variety of platforms
  • Experience managing DAST tooling
  • Experience managing SAST tooling
  • Proven ability to convert manual security processes into automated, scalable workflows.
  • Subject matter expertise in secure software design, architecture, and threat modeling.
  • Familiarity with industry-standard security frameworks such as OWASP SAMM.
  • Experience in securing open-source code and contributing to the secure deployment of enterprise-level applications.
  • Experience with secure methods of integration with other platforms
  • Familiar with the trends in artificial intelligence
  • Experience using application security tools like Snyk, Invicti, and DefectDojo
  • Strong leadership and project management skills, with experience in driving security initiatives across multiple teams.
  • Excellent written and verbal communication skills, with the ability to explain complex security concepts to both technical and non-technical audiences
  • Ability to conduct source code reviews and deliver security education to development teams.
  • Committed to quality and its continuous improvement.
  • Solves problems proactively.
  • Committed to learning better and more efficient ways to accomplish tasks.
  • Excellent Communication Skills

Responsibilities

  • Lead the design, implementation, and continuous improvement of secure web development practices across the organization.
  • Establish formal processes and frameworks to manage application security, including threat modeling, code reviews, and vulnerability assessments.
  • Manage and enhance automated security tools, such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST).
  • Produce detailed reports on application vulnerabilities and collaborate with development teams to propose mitigation strategies.
  • Build, maintain, and enforce security policies, procedures, and standards within the application development lifecycle.
  • Collaborate with cross-functional teams to incorporate security into CI/CD pipelines and secure DevOps processes.
  • Evaluate new security tools and technologies, operationalize them into the existing infrastructure, and integrate with development and deployment workflows.
  • Stay current on emerging security threats and vulnerabilities, advising on proactive solutions.
  • Conduct architectural reviews focused on security principles and guide teams in secure coding practices.
  • Develop and maintain a secure code library, providing reusable code snippets and cryptographic solutions.
  • Lead the adoption and integration of security in cloud environments, including AWS and Azure platforms.
  • Drive continuous improvement of the organization’s security maturity using frameworks such as OWASP SAMM.
  • You will be responsible for adhering to all HealthStream security policies, procedures, and assigned training.

Benefits

  • Medical, Dental and Vision insurance
  • Paid Time Off
  • Parental Leave
  • 401k and Roth
  • Flexible Spending Account
  • Health Savings Account
  • Life Insurance
  • Short- and Long-Term Disability
  • Medical Bridge Insurance
  • Critical Illness Insurance
  • Accident Insurance
  • Identity Protection
  • Legal Protection
  • Pet Insurance
  • Employee Assistance Program
  • Fitness Reimbursement