Application Security Architect
With 6,000+ clients and over 500,000 screens deployed, FWI’s software platform is driving Visual Communications to millions of people every day, all over the world. We are a values-driven organization that encourages our employees to bring their authentic self to work every day and empowers everyone to make a tangible impact on our products, clients and culture. Our employees are passionate about their craft, but they are also parents, skiers, comedians, runners, animal lovers, foodies and phenomenal human beings who appreciate our dedication to providing a healthy work/life balance.
We’re proud to be one of Built In Colorado’s top digital tech companies. At FWI, our culture is important to us. We are a diverse team of talented, passionate people who want to make a difference, but don’t take ourselves too seriously. If our core values speak to you, we want to meet you:
- Bring your best self
- See it
- Own it
- Crush it
- Be Gracious
Four Winds Interactive is actively seeking an Application Security Architect to help us implement and maintain best security practices in our SDLC, including but not limited to “Privacy by Design” principles, SD3+C methodologies, threat modeling, auditing, secure software code design, security awareness training for engineering, and general application penetration testing. This is an incredible opportunity for someone with a strong background in application penetration testing to shape and grow an entirely new role at FWI. An ideal candidate will have a background in Engineering/Development, be an excellent collaborator and a leader, and want to make a large impact in a global organization.
The compensation package will be aligned to each candidate’s experience and qualifications. All applicants must be authorized to work in the United States.
- Conduct secure coding training for Software Engineers.
- Participate in code development.
- Facilitate our secure SDLC which includes AVS scanning, SD3+C, and PD3+C methodologies, etc.
- Facilitate security design sessions, documenting the proposed design including diagramming.
- Perform threat modeling using DREAD and STRIDE.
- Manual Penetration Testing of our Products and Vendor Products.
- Review and maintenance of service documentation.
- Develop detailed vulnerability reports for application owners and management teams.
- Conduct detailed penetration test report read-outs with application owners and management teams and provide remediation recommendations.
- Assist with application security standards and policy documentation.
Requirements for Success:
- 3-5 years of experience performing network and application security testing.
- 2+ years working on security principles in software engineering with expert knowledge in Open Web Application Security Project (OWASP) security principles.
- Working knowledge of software vulnerabilities.
- Experienced in Network, Web and Mobile technologies and vulnerabilities.
- Familiarity with penetration testing tools such as Nessus vulnerability scanners, Burp Suite Pro, Metasploit, Kali Linux.
- Excellent organizational, analytical, verbal and written communication skills are essential.
- Strong customer service skills.
- Ability to test a variety of projects simultaneously and to learn new tools and security testing methodologies in a team-oriented environment.
Helpful for Success:
- A Bachelor’s degree in Management Information Systems (or equivalent).
- General knowledge of network and software design.
- Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP) required.
- Other security certifications: Systems Security Certified Practitioner (SSCP).
Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.