Security Architect - Remote

The Role

This role leads initiatives in product security and overall security operations. They are responsible for developing, executing, auditing, and maintaining security controls, defenses, and countermeasures to intercept and prevent attempts to infiltrate company data. This challenging position will work closely with all departments and 3rd Party Vendors to ensure baseline security for the organization.

Job Duties Include:

• Perform security-focused code reviews
• Support and consult with product and development teams in the area of application security, including threat modeling and application security reviews
• Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
• Support the bug bounty program.
• Support the preparation of security releases.
• Assist in development of security processes and automated tooling that prevent classes of security issues.
• Provide business and IT management with guidance on CyberSecurity risk related to process changes, data protection, infrastructure, and system security controls.
• Lead annual third-party audits and develop audit schedule.
• Coordinate meetings and gather evidence to support audit requirements.
• Perform Application Security testing as part of the development process.
• Provide developer training and awareness
• Report key performance metrics for product security.
• Provide direction to Security Champions in the development departments.
• Assist with customer questionnaire requests and security addendums.
• Manage the development and distribution of CyberSecurity training to end users.
• Manage security event monitoring.
• Lead the incident management program.
• Assist with documenting security standards and policies.
• Performs all other duties as assigned.

Requirements:

• Able to work well with software development teams.
• Conduct architectural reviews of software and systems.
• Experience identifying security issues and validating false positives through code review.
• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
• Familiarity with some common security libraries and tools (e.g. static analysis tools, proxying / penetration testing tools).
• Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10).
• Basic development or scripting experience and skills.
• A basic understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols).
• Bachelor's or Master's Degree in a technology field or equivalent experience
• 7+ years of experience in cybersecurity and/or security auditing
• Advanced knowledge of security control frameworks (NIST CSF)
• Advanced knowledge of security standards desired (NIST 800-53)
• Relevant security certifications desired (CISSP, GIAC, CEH, OSCP)