Match score not available

Application Security Architect

extra holidays
Remote: 
Full Remote
Contract: 
Salary: 
19 - 19K yearly
Experience: 
Expert & Leadership (>10 years)
Work from: 

Offer summary

Qualifications:

Bachelor's degree or equivalent experience, 7+ years of relevant experience, One or more relevant security certifications, Experience with application security vulnerabilities and defense techniques, Knowledge of modern application development languages.

Key responsabilities:

  • Assess security and compliance of web applications throughout SDLC
  • Define and document security requirements for new applications
  • Partner with interdisciplinary teams to develop integration strategies
  • Conduct periodic assessments and vulnerability management activities
  • Deliver training and mentoring to software developers on security topics
DSS, Inc. logo
DSS, Inc. SME https://www.dssinc.com/
501 - 1000 Employees
See more DSS, Inc. offers

Job description

Job Details
Level:    Experienced
Job Location:    DSS Baton Rouge - Baton Rouge, LA
Position Type:    Full Time
Education Level:    4 Year Degree
Salary Range:    Undisclosed
Travel Percentage:    Up to 25%
Job Shift:    Day
Job Category:    Information Technology
Description

POSITION SUMMARY:

The Architect, Application Security (CS) 

  • assess the security and compliance of web applications, code, and related components in our proprietary Health Cloud products (including those of third-party vendors) throughout the software development lifecycle (SDLC) to ensure they are designed and built securely;
  • will work as part of the Cyber team and collaborate closely with key stakeholders to define and document security requirements, plans, architecture, and FISMA paperwork required for the applications Authority to Operate (ATO).

DUTIES AND RESPONSIBILITIES: 

Essential Duties

  • Partner with system, infrastructure, application, and cyber security teams to determine/create integration strategies/patterns that allow secure access across programs and applications.
  • Define and document security requirements for new application, identify the appropriate configurations.
  • Identify and document application threats, vulnerabilities, and risks, and advise development teams how to protect against them.
  • Ensure the security of the system lifecycle through code reviews and testing.
  • Work with key stakeholders to ensure authentication controls are understood from a security perspective, and work with the development team to plan, develop and implement the solution.
  • Work with the development team to resolve findings from security scans, reviews, or penetration tests.
  • Help incident response teams respond to detected intrusions.
  • Conduct periodic assessments.
  • Develop the application’s security architecture in collaboration with the development team.
  • Assess the security posture associated with networking, security technologies, hardware and software development, test, and evaluation.
  • Support vulnerability assessment, penetration testing, and supply chain risk management activities.
  • Perform code reviews and conduct testing to ensure security is built in as planned.
  • Work with the development team to ensure the remediation of identified vulnerabilities and Plan of Action and Milestones (POA&Ms) are analyzed, understood, and resolved based on priority levels defined.

Other Duties:

  • Align and periodically communicate metrics with senior leadership around the effectiveness of the application security program.
  • Leverage your accumulated subject matter expertise of DSS’ applications, systems, and code to propose and drive architectural improvements which address classes of security flaws in the FedRAMP ecosystem and other projects such as SOC2 and HITRUST.
  • Deliver training and provide mentoring to software developers on security topics.
  • Facilitate threat modeling exercises to ensure optimized security design decisions are being made.
  • Participate in requirements definition and perform initial risk analysis to define a minimum standard of security for each application.
  • Ensure changes do not create or introduce security gaps.

SECURITY AND PRIVACY DUTIES AND RESPONSIBILITIES

  • Individuals working for DSS will be subject to security and privacy requirements as explained in HIPAA, FedRAMP, and NIST 800-53. Additionally, they are required to undergo specific FedRAMP training to ensure compliance with all associated controls and responsibilities in the day-to-day performance of their duties. Individuals working in departments that are considered to be in the high-risk category will be required to undergo advanced training based on their role and level of access. Individuals with access to modify data and the configuration baseline will require further training.

The preceding functions are examples of the work performed by employees assigned to this job classification.  Management reserves the right to add, modify, change or rescind work assignments and make a reasonable accommodation as needed.

Qualifications

QUALIFICATIONS:

Skills:

Required:

  • Experience as a senior/staff/lead security engineer in product and application security.
  • Experience leading security projects and initiatives that require collaboration with teams across an organization.
  • Sound understanding of application security vulnerabilities (e.g., OWASP Top 10), defense techniques and security best practices, including language-specific security practices and present-day threats.
  • Experience with modern application development languages and frameworks (e.g., .NET, Node.js, Java, Python, React, Angular

Desired:

  • Experience with assessing/securing large, complex SaaS applications.
  • FedRAMP and or SOC 2 knowledge.
  • Two + years of experience as a people manager.
  • Use of agile methodologies for project management.
  • Manual web application penetration testing experience, including the use of professional penetration testing tools.
  • Strong familiarity with AWS, Docker, Kubernetes, Linux, and similar infrastructure/technologies.
  • Prior full time software development experience.
  • Safeguarding applications by identifying associated threats, vulnerabilities, and risks, and implementing ongoing security testing and code review.
  • Securely configuring application components (within the application).

Education:

Required:

  • Bachelor’s degree or equivalent experience.

Certification(s), Licenses:

Required:

  • One or more relevant security certifications (CSSLP, CISSP, CISM, CEPT, CMWAPT, CPT, CEH, LPT, GWAPT, GPEN, GXPN, OSCP).

Desired:

  • CASE, CASS, GWEB

Years of experience in a similar role:

Required:

  • 7+ years of relevant experience

Desired:

  • 10+ years of relevant experience

PHYSICAL DEMANDS:

Standing

5% per day

Sitting

100% per day

Walking

5% per day

Stooping

5% per day

Lifting

Exerting up to 10 pounds of force occasionally and/or negligible amount of force frequently or constantly to lift, carry, push,bpull or otherwise move objects. Repetitive motion. Substantial movements (motions) of the wrists, hands, and/or fingers. The worker is required to have close visual acuity to perform an activity such as: preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading.

Computer Work

70% per day

Telephone Work

10% per day

Reading

10% per day

Other, please specify

Travel unassisted up to _5__% per year, via common carrier and/or personal automobile.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

If you need an accommodation seeking employment with DSS, Inc., please email jobs@dssinc.com or call (561) 284-7373. Accommodations are made on a case-by-case basis.

Required profile

Experience

Level of experience: Expert & Leadership (>10 years)
Spoken language(s):
English
Check out the description to know which languages are mandatory.

Other Skills

  • Collaboration
  • Problem Solving
  • Analytical Thinking
  • Mentorship
  • Communication
  • People Management

Related jobs