Serve as a member of the enterprise architecture team, providing technical security insight that aligns with business objectives and security requirements.
Works with IT departments, information security architects, technical architects, data custodians, and governance groups to develop and update security policies, standards, procedures, and solutions for secure application architecture.
Advises and drives the security maturity of the development lifecycle including secure coding and system security for operations.
Maintains security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs. Conducts Penetration Test, Vulnerability, and Risk assessments to improve the security architecture and security product toolset.
Prepares system security reports by collecting, analyzing, and summarizing data and trends. Executes validation by external vendors.
Verifies security systems and network configurations by developing and implementing test scripts while monitoring adherence to standards in architecture, application design, development, and testing frameworks.
Experience operating in a cloud environment (e.g. Azure, AWS, Rackspace) along with working in a dedicated information security role with a focus on Security Architecture.
Experience with PaaS, IaaS, SaaS, and/or mobile architecture
Solid experience with security hacking tools and techniques.
Solid understanding in application architectures and technology including web applications, mobile technology, identity and access management, security event and incident management as well as web security controls.
Extensive working knowledge of web application security best practices.
Experience with compliance standards such as HIPAA, CMS, SOX, GLBA; as well as security frameworks such as SANS 20 CSC, CoBIT, or NIST.
Previous involvement with developing and/or maintaining an Enterprise Security Architecture. Familiarity with TOGAF is a plus
Strong understanding and experience of software development methodologies and life cycles
Excellent written and verbal communications skills required, with the ability to explain advanced concepts to audiences of varying levels
Can be counted on to exceed goals successfully, very bottom-line orientated while steadfastly pushes self and others for results.
Has working knowledge of web application security best practices to include, but not limited to, Cloud Security Alliance controls matrix, OWASP Top 10.