Application Security Architect

  • Focused on working with application project and development teams to see standard BNP security controls and industry best practices integrated into project life-cycles in alignment with the security strategy.
  • Responsible to advise on business impact to senior management and sponsors.
  • Reports to VP of Application & Database Security.

 

Position Responsibilities:

  • Work with IT project community and advise on application security standard controls and best practices.
  • Work closely with other IT operation groups for identifying and remediation of systems with security issues.
  • Should have practical implementation knowledge to advise IT development and implementation teams on how to fix potential vulnerabilities.
  • Advise senior management including business sponsors on Security risks and should be able to translate security risks to business impact.
  • Review application, database and network architecture and highlight risks.
  • Onboard applications into the existing Security frameworks and participate in an advisory capacity until project deployment.

 

Position Qualifications:

Candidate Background

  • 1-3 years professional experience as an Application Developer.
  • 8-10 years of professional experience in an information security function for a financial, insurance, pharmaceutical, or similar commercial industry preferred.
  • Bachelor’s Degree in Computer Science or related field preferred.

 

Required Skills

  • Perform Risk assessments for applications and underlying systems and recommend security requirements based on upstream Business requirements.
  • Should have knowledge on Network and Infrastructure architecture.
  • Ability to review and understand organizational security policies and incorporate into standard processes in a project.
  • Expert understanding of HTTP, HTTPS, and other application layer protocols.
  • Expert understanding of network layer protocols & industry best practices.
  • Demonstrated proficiency in developing secure solutions developed using common development frameworks (J2EE, .NET, Spring, Struts, Hibernate, etc) and languages (Java, C#, C++, etc)
  • Actively contributes to strategic security departmental planning in alignment with architectural goals.
  • Strong analytical and problem solving skills.
  • Excellent written, verbal communication & presentation skills.
  • Should be able to work as a team player.

 

Helpful Skills

  • CISSP Certified.
  • CISM/CISA Certified
  • Experience with the following:
    • Web application proxies.
    • Architecture Reviews.
    • DB vulnerability management.
    • Web Application vulnerability management.

 

 

Apply Now