Job Description
Job Responsibilities:
- Act as a security subject matter expert, providing guidance and mentorship to development teams on secure coding practices, vulnerability remediation, and security testing methodologies.
- Conduct regular security assessments, including penetration testing, static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), secret scanning and vulnerability scanning, to identify and prioritize security vulnerabilities in applications.
- Collaborate with frontend and backend developers to define application and API requirements.
- Ensure API security and authentication mechanisms are robust.
- Monitor API performance and troubleshoot issues promptly.
- Participate in threat modelling exercises to identify potential security threats and design appropriate mitigation strategies.
- Review application architectures and designs to ensure they adhere to security best practices and industry standards.
- Contribute to the development and implementation of a robust secure SDLC, integrating security activities throughout the software development process.
- Develop and maintain automated security testing tools and frameworks to improve the efficiency and effectiveness of security testing.
- Stay up to date on the latest security threats, vulnerabilities, and technologies, and contribute to the acquisition/development of new security tools and techniques.
- Ensure compliance with relevant security standards and regulations, such as DPDPA and GDPR.
- Define security requirements for products and applications, and advise the product development team on validating the security requirements of products.
- Define common security and privacy solutions for application security.
- Implement Privacy by Design principles to ensure protection of PII/PCI data.
- Support application teams in resolving vulnerabilities and preventing exploits.
- Identify gaps in the organization's security architecture and controls, and make decisions on the upkeep of the organization's security posture.
- Lead and review assessments and audits for Internal/External agencies.
- Ideate on emerging cyber-threat trends and align organizational strategy to address them.
- Provide solutions to address existing challenges with Application/API security architecture.
- Engage with development team to enable DevSecOps practices.
- Provide regular updates to management on key activities, metrics, accomplishments, and blockers.
Technical Skills:
- Profound understanding of cryptographic standards, application security, enterprise architecture, software development lifecycle, etc.
- Thorough knowledge of authentication and authorization standards applicable to web services, enterprise applications and API development, e.g. OAuth2, SAML, tokenization, etc.
- Deep understanding of security vulnerabilities, exploits, application infrastructure, APIs, etc.
- Familiarity with scripting and programming skills such as HTML, CSS and Java, as well as back-end languages like C, C++, Python, PHP, Perl, Bash, Ruby and PowerShell.
- Working knowledge of mobile operating systems and apps, such as iOS and Android.
- Deep familiarity with OWASP Top 10 (Web, Mobile & API), SANS and other coding guidelines.
- Experience in authentication and encryption methods, including OAuth and Public Key Infrastructure (PKI).
- Hands-on experience with security tools like Burp Suite, Checkmarx, SonarQube, Fortify, Black Duck, Nexpose, Nessus, Acunetix, Veracode, OWASP ZAP, MobSF, Frida, etc.
- Ability to perform threat modelling and risk assessment of mobile and web applications, and knowledge of the Cyber Kill Chain, STRIDE and the NIST framework.
- Advanced skill in Secure Software Development Lifecycle (SSDLC) methodology.
- Hands-on experience in DevSecOps workflows and CI/CD pipelines.