Principal Architect - Application Cybersecurity (Remote)

Remote Full-time
About the position

Responsibilities
• Leads architecture design evaluations and threat modelling of our products (cloud and on-prem).
• Recommends and implements products/services that support operational needs and security requirements.
• Technical point of contact for product teams as it relates to automation, CI/CD, and remediation guidance.
• Assists in leading the design, development, and implementation of security tools, best practices and standards, and ensures product development teams understand them.
• Performs code analysis of applications, manually and using SAST, DAST, and SCA scanning solutions, as well as conducting manual vulnerability analysis.
• Promotes and contributes to the continuous improvement of security strategy and supports risk prioritization.
• Helps train and support team members.
• Leads the improvement of the accessibility of security through automation, continuous integration pipelines, and other means.
• Educates and mentors junior team members.
• Ensures program(s) are meeting their intended purpose and metrics.

Requirements
• Bachelor's degree in STEM, Computer Science.
• Minimum of 7 years of experience in related field.
• Expert knowledge of OWASP Top 10.
• Proficiency in threat modeling.
• Expert knowledge of risk management methodologies and processes.
• Expert knowledge in DevSecOps (e.g., CI/CD, IaC, PaC, CaC).
• Proficiency with security automation tooling and methods (e.g., Terraform, Ansible, containerization, SBOM).
• Proficiency with application testing (e.g., SAST, DAST, MAST, Pen Test tooling).
• Proficiency with scripting (e.g., PowerShell, Python, Perl, Bash).
• Proficiency with programming languages (e.g., Python, Java, .NET) and modern programming language structure (e.g., Object Oriented Programming, web framework).
• Proficiency with CI/CD technology stacks (e.g., AWS, Harness, TeamCity, GitHub, Artifactory, Chef, CloudWatch).
• Proficiency with Software Development Lifecycle processes.
• Proficiency with web and app security stack (e.g., API security).
• Proficiency with vulnerability management processes and providing remediation guidance.
• Proficiency in the understanding of compliance frameworks (e.g., NIST 800-53, OWASP frameworks) and processes.
• Proficiency in cryptography.
• Proficient knowledge of IAM (i.e., authentication and authorization).
• Proficient understanding of networks and network security (e.g., WAF, micro-segmentation).
• Proficient in risk management methodologies.
• Proficient in cloud technologies.
• Ability to work independently and self-motivate.
• Excellent problem solving, critical thinking, interpersonal, collaboration, written and verbal communication skills.
• Certified Information Systems Security Professional (CISSP), or equivalent.
• Must be legally authorized to work in the United States for any employer without sponsorship.
• Successful completion of interview required to meet job qualification.
• Reliable, punctual attendance is an essential function of the position.

Nice-to-haves
• Master's degree.
• Certified Ethical Hacker (CEH).
• GIAC Security Essentials (GSEC).
• Certified Information Security Manager (CISM).
• CompTIA Security+.
• Certified Secure Software Lifecycle Professional (CSSLP).
• Certified Information Systems Auditor (CISA).
• Systems Security Certified Practitioner (SSCP).
• CompTIA Advanced Security Practitioner (CASP+).
• Offensive Security Certified Professional (OSCP).
• Minimum of 12 years of experience in related field, including any combination of the following: threat modeling, secure coding, mobile and API security, identity management and authentication, software design and development, cryptography, system administration and network security, cloud computing.
• Proficiency with application penetration testing to demonstrate and test exploitability of vulnerabilities.
• Proficiency in waterfall and agile development processes and ability to integrate secure development practices into both models.
• Success in implementing effective Secure SDLC frameworks across a large corporation.
• Proficient knowledge of cloud security infrastructure technologies (e.g., containerization, service mesh, micro-services).
• Proficient in LLM/GenAI technologies.
• Proficient in mobile development technologies.

Benefits
• Medical, dental, vision, life, accident & disability insurance.
• Parental leave.
• Employee assistance program.
• Commuter benefits.
• Paid holidays.
• Paid time off.
• 401(k) plan.
• Flight privileges.