Principal Security Architect - Applications
Job Description:
The Application Security Architect plays an integral role working with other Security Architects in defining and assessing the organization's application and development security strategy, architecture and practices. The Application Security Architect will be required to effectively translate business objectives and risk management strategies into specific application and development security standards and processes.
What You’ll Be Doing:
The Application Security Architect will be responsible for the following activities and functions:
• Develop and maintain an application security architecture process enabling the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers.
• Assist in developing security strategy plans and road maps based on sound enterprise architecture practices.
• Develop and maintain application security architecture artifacts (models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations.
• Track developments and changes in the digital business and threat environments to ensure that these are adequately addressed in security strategy plans and architecture artifacts.
• Participate in application and development projects to provide security planning advice.
• Draft security standards, procedures and guidelines to be reviewed and approved by executive management and/or formally authorized by the CSO.
• Conduct security assessments of internal systems and applications as part of the overall risk management practice of the organization.
• Be familiar with OWASP top ten application security flaws and how to mitigate them, the Security Development Lifecycle (SDL) and other secure coding practices.
• Conduct static and dynamic code reviews of applications to determine security flaws or other issues that would impact the confidentiality, integrity or availability of the system.
• Coordinate with DevOps and other teams to advocate secure coding practices and escalate concerns related to poor coding practices to the CSO or the individual responsible for the overall security direction.
• To ensure security-related matters are adequately conveyed, strong communication skills (written and oral, to all levels in the organization), along with strategic planning, financial analysis, and project management skills, are necessary.
• Less than 25% travel required.
What We Are Looking For:
- Bachelor's or Master's Degree in Computer Science, Information Systems, Cybersecurity or a related field
- Development or audit experience with one or more general coding languages (Java, C#, Angular, JavaScript, PHP) is an absolute requirement
- Certifications such as CISSP, CISM, or similar are a plus
- Experience developing and maintaining an application security architecture process which enables the enterprise to implement security solutions
- Experience developing security strategy plans based on sound enterprise architecture practices
- Ability to develop and maintain application security architecture artifacts (models, templates, standards and procedures)
- Verifiable participation in application and development projects to provide security planning advice
- Experience drafting security standards, procedures and guidelines
- Familiarity with OWASP top ten application security flaws and how to mitigate them, the Security Development Lifecycle (SDL), and other secure coding practices
- Excellent oral and written communication skills and the ability to communicate to all levels in the organization required
- Skills in strategic planning, financial analysis, and project management
What’s In It For You:
At Arrow, we are driving innovation and choice by offering employees a variety of benefits designed to keep you and your family physically and financially healthy.
Not only do we offer a competitive salary and work-life balance, we offer benefits to match your needs:
- Medical, Dental, Vision Insurance
- 401k, With Matching Contributions
- Generous Paid Time Off
- Health Savings Account (HSA)/Health Reimbursement Account (HRA) Options
- Growth Opportunities
- Short-Term/Long-Term Disability Insurance
- And More!
Arrow is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, gender, sexual orientation, gender identity, national origin, veteran or disability status. (Arrow EEO/AAP policy)