• Application Security Architect

    Job Locations US-MA-North Reading
    Posted Date 5 days ago (7/10/2018 1:24 PM)
    Job ID 2018-1193
    Organization Security

    As part of the Security team, the Application Security Architect is responsible for ensuring the security of TraceLink’s applications and leading the ongoing development, implementation, customization, and maintenance of TraceLink’s application security program. Working closely with Product Management, Engineering, Cloud Operations, and Security teams, this role will continually improve security integration throughout the software development lifecycle. This includes activities such as defining and updating TraceLink’s standards based on recognized best practices, threat modeling, conducting architecture reviews, performing security assessments, performing secure code reviews, and developing and delivering training.


    • Provide security expertise and guidance throughout the software development lifecycle (SDLC) through active engagement
    • Maintain expert level knowledge on application security issues and best practices
    • Ensure adoption of secure application architecture, and evolve TraceLink’s security requirements to reflect changes in our technology stack
    • Perform manual and automated secure code reviews and application testing
    • Enforce secure coding standards
    • Assist QA teams with test plan development
    • Provide recommendations to address identified issues
    • Develop and deliver ongoing training on threat modeling, secure design, secure development, and security testing
    • Develop assessment tools to integrate with SDLC
    • Create detailed documentation to support continued improvement of security elements throughout the SDLC
    • Interact with customers to explain the security of our applications


    Required:

    • Bachelor's degree or equivalent experience in Computer Science, Information Systems Security, or related field
    • Minimum 6-8+ years in software development or relevant experience
    • Minimum 4+ years in application security or relevant experience
    • Experience with securing cloud-native applications
    • Experience with the application of threat modeling or other risk identification techniques
    • Expert knowledge of software security testing and tools, including both static and dynamic analysis
    • Experience in remediating complex enterprise-level security issues
    • Expert knowledge of secure coding practices in Java
    • Experience with applied cryptography
    • Deep understanding of OWASP Top 10, including avoidance and remediation techniques
    • Excellent analytical and problem-solving skills
    • Excellent verbal and written communication skills, including executive-level presentations

    Preferred Skills:

    • Experience working with AWS or other cloud-based environments
    • Knowledge of microservices architecture and supporting technologies
    • Competency with other programming languages including Scala and C
    • Knowledge of mobile security, including experience implementing security controls
    • Experience evaluating security products and technologies with a critical eye on functionality and applicability
    • Familiarity with CentOS
    • Familiarity with using relational and non-relational databases
    • Application of security technologies, ISO 27001, NIST, and HIPAA-based security controls, and industry best practices in a GxP environment
