Application Security Architect

EVOTEK

💵 $150k-$200k
📍 Remote - United States

Summary

Join EVOTEK, a leading digital business enabler, as an Application Security Architect. You will ensure the security of company applications and services by implementing best practices. Key responsibilities include performing secure testing, coordinating with various departments, and conducting risk analysis. The ideal candidate possesses a strong understanding of application security, software development lifecycles, and security testing tools. Competitive salary, performance bonuses, and a comprehensive benefits package are offered, including 100% paid medical, dental, and vision insurance, 401(k) matching, flexible PTO, and flexible working arrangements.

Requirements

  • Understanding of different compliance frameworks and their implications in building secure software
  • Ability to identify solutions for common security problems while participating in a broader agile Application Security team
  • Effective understanding of security industry best practices such as protocols, cryptography, authentication, authorization, and secure application programming
  • Comprehensive understanding of software development lifecycle models as well as secure coding techniques
  • Proficiency in the use of application security testing tools (e.g., SAST, DAST, SCA, IAST, WAF)
  • Strong written and verbal communication skills to both technical and non-technical personnel

Responsibilities

  • Perform secure program testing, review, and/or assessment to identify potential flaws in code and mitigate vulnerabilities
  • Coordinate with product, engineering, and other departments to support secure outcomes, while building out the product security knowledge base
  • Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change
  • Responsible for designing and evaluating application security in all phases of the application life cycle
  • Apply coding and testing standards, apply security testing tools and conduct code reviews
  • Determine and document software patches or the extent of releases that would leave software vulnerable
  • Ability to triage, reproduce, and recommend remediations for vulnerabilities
  • Translate security requirements into application design elements including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteria
  • Identify basic common coding flaws at an elevated level while consulting with engineering staff to evaluate interface between hardware and software
  • Develop threat model based on customer interviews and requirements and consult with customers about software system design and maintenance
  • Effectively communicate security threats to non-technical stakeholders
  • Apply secure code documentation while improving practices and maintenance

Preferred Qualifications

A mix of relevant certifications in key areas would be helpful (but not required): CSSLP, CISSP, CASE

Benefits

  • Salary commensurate with years of experience, technical expertise and geographic location. Salary range: $150,000 to $200,000
  • Performance bonuses
  • Benefits package that includes 100% paid medical, dental and vision for the employee
  • 401(k) with employer match
  • Strong company culture
  • Flexible PTO policy
  • Flexible working arrangements
  • Annual company overnight retreat
