RED SKY Consulting

Application Security Architect

RED SKY Consulting, Minneapolis, Minnesota, United States, 55400


Job Title: Application Security Architect

Location: Remote within US or Canada

Type: Direct Hire

Bottom Line / In a Nutshell:

- Bachelor's Degree in Computer Science or equivalent experience
- Highly technical and analytical experience, with a proven deep background (five-plus years preferred in addition to cybersecurity) in software engineering.
- 5-7+ years experience in Software Development
- 5-7+ years experience in a Security Engineering role with a specific focus on Vulnerability Management and Secure Coding
- Preference is for folks who worked with C# (Python and Java are fine but mainly use C# there)
- Must be familiar with SAST tools (Veracode, Snyk, Checkmarx, etc.)
- Experience with Pentesting (Burp Suite, etc.)
- Experience with bug tracking (Jira, etc.)

Job Description:

The Product Security team is responsible for the code-level security of our products. We enhance product security via finding, fixing, and preventing security flaws across our family of products. On the Product Security Assurance teams, we build the tools and run the programs that eliminate security bugs in code. Beyond simply pointing out issues, we solve problems through close partnership with product and development teams. As such, we are looking for an Application Security Architect with strong technical & leadership skills, a background in product/application security, and a passion for solving complex product security challenges in a fast-moving agile environment. They should be comfortable working across the company and enjoy finding innovative ways to mitigate risk while protecting the data of more than five million users of our products.

What you'll get to do:

- Implement Cloud Platform and Application Security Blueprint and drive adoption of standardized methodologies, libraries, and tools
- As a security SME, own identification and remediation of vulnerabilities within Platform and SaaS applications codebase, as well as 3rd party dependencies, with focus on maturing Application Security Engineering beyond OWASP Top Ten
- Define secure coding practices and guidance, conduct security reviews, and drive down security-related technical debt
- Conduct penetration testing using open source and commercial tools
- Develop scripts and tooling to "shift-left" common security tasks enabling DevSecOps
- Engage development teams in security feature reviews and threat modeling
- Contribute to a secure/compliant cloud-native service catalog
- Collaborate with engineering and operations teams to implement and automate security controls and processes cloud-native security monitoring, tooling, and reporting
- Foster a security-first culture by partnering with dev teams and platform engineers to balance key performance and security.
- Lead continuous product and application security reviews.
- Perform application security testing using SAST, DAST, IAST and RASP tools.
- Combine automated and manual product and application testing methods.
- Engage with internal and external teams performing vulnerability and penetration testing.
- Document security findings, outline remediation options and oversee mitigation.
- Focus on automation to aid in efficiencies with both testing and remediation of findings.
- Collaborate with developers and product managers for continuous security validation.
- Recommend controls where there are security gaps and track through to implementation and validation.
- Regularly monitor the threat landscape and assess the potential impact to products.
- Attend and participate in product meetings addressing security requirements for new and existing products.
- Serve as the primary management point of contact for product cybersecurity requirements, initiatives and escalations.
- Evaluate the existing product ecosystem and propose product changes to security leadership and engineering.
- Leverage security standards and implementation configurations, as well as common security frameworks.
- Uphold software bills of materials across products.
- Attend internal and external education and training sessions, with a focus on product security principles.
- Possess a general understanding of bug bounty programs and their management.
- Align with architects and development teams for a mission of secure design.
- Actively participate in security team meetings that facilitate secure product design.
- Possess general knowledge of product security that meets compliance, privacy laws and regulatory requirements.
- Focus on security process efficiencies, prioritizing advanced tasks to keep pace with product demand.
- Collaborate with team members and align with security, audit and risk management leadership.
- Perform other duties as assigned.

Skills and Experience we value:

- Bachelor's Degree in Computer Science or equivalent experience
- Highly technical and analytical experience, with a proven deep background (five-plus years preferred in addition to cybersecurity) in software engineering.
- 7+ years experience in software development
- 7+ years experience in a Security Engineering role with a specific focus on vulnerability management and secure coding

What would make you really stand out:

- One of the security certifications, such as CISSP, GSEC, Azure Architect and/or Azure Security Engineer/Technologies preferred
- Background in automated program analysis
- Experience with .NET and C#
- DevOps experience with infrastructure, cloud and application pipelines
- Experience running operational teams
- Experience in Threat Modeling using STRIDE, PASTA, or similar
- Experience with open-source (e.g. Kali Linux) and commercial penetration testing tools
- Expertise in identifying and remediating OWASP Top Ten vulnerabilities and beyond
- Expertise with Azure security services as well as Docker/Kubernetes
- Minimum 1 year of experience with active compliant environments, e.g. PCI-DSS, HITRUST, FedRAMP, ISO 27001, or similarly regulated industries.
- Experience with SAST, DAST, IAST and RASP.
- Five-plus years of experience with public cloud providers (AWS, Azure, GCP).
- Experience with container security, such as Docker and Kubernetes.
- Knowledge of CI/CD platforms, such as Jenkins and CircleCI.
- Experience building prototypes of tools and exploits, as well as conducting vulnerability and penetration tests.
- Proficiency in software development (.NET, Java, Rust, Golang, Python, C++, Ruby, etc.).
- Experience with security requirements for APIs

THIS IS A GREAT OPPORTUNITY WITH A FIRST-CLASS COMPANY


<><><><><><><><><><>

RED SKY Career Opportunities at:

redskyconsulting.co/career-portal

<><><><><><><><><><>


RED SKY Consulting Candidate and Client Referral Program!

2500

Do you know other IT professionals?

Turn those relationships into Money & help friends get work

RED SKY Consulting is offering a fantastic opportunity for you to earn extra money.

If you refer to us a Manager of people or skilled professionals, we will link your name to that person for 18 months.

If we employ or place that individual or place people into that company thru that manager


<><><><><><><><><><>

RED SKY Consulting Company Overview:

We are an IT and Cybersecurity staffing solutions, professional services, management consulting, and executive placement company with thousands of resources across multiple IT and Cybersecurity skill sets. Our primary US locations are Chicago, New York, Los Angeles, Atlanta, Nashville, Tampa and Denver, and we have organizational arms in other domestic cities along with offshore alliances in India and Ireland. RED SKY has a 15+ year history of providing great technology talent. RED SKY has many clients, including 7 of the Fortune 10, half of the Fortune 100, and 25% of the Fortune 500 companies, with the manufacturing, financial services, health care, government, consumer services, insurance, and several other industry verticals represented.

The RED SKY Foundation is being formed and will be providing fully funded college educations to underprivileged young adults in partnership with our clients starting 2022.

<><><><><><><><><><>

Keys: Application Security, Architecture, Software Development, SAST, Pentest, C#
