Preferred GIAC Certifications: GSSP-JAVA, GWEB, GWAPT
The Security Architect will work internally with Application Development and Platform teams and externally with DMGT portfolio companies to ensure the system security posture is improved to world class standards. This includes helping guide the design and architecture of secure applications from the ground up, implementing secure coding practices, and evaluating cloud environments to ensure security considerations are well defined and implemented.
This role will be responsible for a comprehensive secure development and testing process including automation on a continuous basis for compliance with standards and controls. This is the perfect opportunity for the successful candidate to become part of an innovative and energetic team that believes: “security and Secure by Design principles can be a source of competitive advantage, and that world-class partnership throughout the Dev process mitigates risk, speeds delivery velocity, and improves quality.”
This position will be located in: Arlington, VA (DC Metro area)
Contribute security and privacy requirements along with recommended solutions into the design phase of product builds.
Perform threat modeling and facilitate design reviews across products to ensure proposed system and applications architectures have sufficient controls to mitigate evolving threats.
Perform hands-on code reviews, testing and validation of security components to ensure implemented controls fully meet security requirements.
Plan, research and design robust security architectures in partnership with App/Dev/platform teams for any Application/IT project.
Perform/participate in security architecture reviews to ensure all security architecture design best practices and standards are met.
Incorporate Software Dependency Management and OSS License Compliance, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Runtime Application Security Testing (RASP) and Vulnerability Assessment technologies into CI/CD pipeline; Manage and support these products.
Coordinate the remediation of application defects identified by security tools, and work with application and platform teams to ensure they understand the nature of each defect and to suggest remediation options.
Support the research of emerging technology, requisite security requirements, and emerging threats and develop way-forwards to meet organizational goals.
Evaluate security tools, vendors and solutions to support information security roadmap initiatives.
Work closely with architecture and development teams to develop common patterns for authentication, authorization, encryption, input validation/output encoding, logging, auditing and secrets management.
Respond to security-related incidents and provide a thorough post-event analysis.
Assist with planning and remediation of internal and external vulnerability scans and external penetration tests, as needed.
Actively manage planning and remediation of internal and external vulnerability scans, and external penetration tests, as needed.
Ensure security methods conform to SSAE-18 SOC II and DMGT audit requirements.
Locate and/or deliver training on the secure development lifecycle and secure application coding practices specific to the programming languages and application frameworks in use.
Partner with DevOps team to engineer automated, secure and auditable provisioning of cloud environments and application deployment.
Min 2 years’ experience in Cloud Security Design / Implementation / Management with exposure to AWS / Azure Native Security
Strong understanding and exposure to Network Security, Operating System Security, Web Security and End Point Security
Proficient at the secure software development lifecycle and DevSecOps, experience in DevOps environments and maintaining security in CI/CD processes highly desired
Proficient at identity, authentication and authorization systems
Good understanding of cryptographic trust-based systems
Data and database security
Federation, SSO, IDS, IPS, Host Based Firewall, WAF (Web Application Firewall), DNS, DHCP, HTTPS/TLS, SSH, Key Management, PKI, Tokens, SAML, OAUTH
Coding experience is required
Familiarity with threat models for large, distributed systems and cloud-based SaaS infrastructure
Familiarity with BSIMM and OpenSAMM frameworks
Deep understanding of OWASP Top 10 and CWE/SANS Top 25
Knowledge of Intrusion Detection & Prevention Systems
10+ years of experience in the security and technology industry
5 years of experience working with various security architectures
Experience automating security threat mitigation response is a plus
Following certifications are a plus but not required: Licensed PEN Tester (LPT); Certified Ethical Hacker (CEH); Global Information Assurance Certification (GIAC): GSSP-JAVA GWEB GWAPT; Certified Secure Software Lifecycle Professional (CSSLP)
Bachelor’s Degree in Information Systems, Computer Science, Management Information System, Cyber Security or Engineering