Application Security Architect
Reporting to the Director of Network and Security, the Application Security Architect is responsible for establishing, communicating and enforcing the standards for application security, including software development standards, implementation standards and architectural principles, and for working with software and enterprise architects to ensure adherence to appropriate security standards.
- Work with software architects to develop a secure software development framework
- Develop application security policies and standards that comply with industry best practices and meet all appropriate legal and regulatory compliance standards
- Research security solutions and options for various Cloud application hosting platforms
- Develop a catalogue of standard secure architectures for different deployment types, including web servers, mobile applications, internal DMZs, etc.
- Liaise with Enterprise and Software Architects and integration teams to ensure that all applications are implemented with appropriate adherence to security standards.
- Recommend appropriate solutions, components and development frameworks for new systems
- Incumbent will be the primary contact point representing Security for teams developing any new applications
- Participate in the review and approval of new systems implementation or development from the security perspective.
- Coordinate application penetration testing for all new and existing applications
- Work with various IT teams to remediate security vulnerabilities
- Work with internal and external auditors to provide evidence for audits and to remediate any gaps relative to application architecture and implementation
- Work in a cooperative manner with the IT Organization
- Perform other duties as assigned to support the company
Minimum 8 years of working experience in IT combined with a Bachelor’s degree in Computer Science
- Hands-on programming experience in software development in common programming environments including .NET, PHP, Java, Python
- Experience with Secure SDLC, DevOps, Microservices and integrated digital solutions
- Deep knowledge of application authentication and encryption including key management, IAM, OAuth and SAML
- Experience with secure web application and mobile application development
- Experience with application penetration testing
- Experience with static code scanning tools and dynamic scanning
- Experience with secure coding and secure software development lifecycle paradigms defined in OWASP, ISO27001 and/or NIST frameworks
- Experience with PCI DSS compliance and the relevant requirements for application and system architecture.
- Experience with best practices for security controls, solutions and architectures for common cloud platforms such as Azure, AWS and Office365
- Experience with HIPAA/PHIPA compliance regulations and practical ways of ensuring compliance with information privacy requirements
- Relevant experience in auditing based on PCI DSS and ISO 27001 information security framework is an asset.
- Strong interpersonal skills; highly motivated and directed.
- Excellent communication skills, both written and verbal.
- Strong customer service orientation.
- Experience working in a team-oriented, collaborative environment.
- Strong organization and time management skills
- Demonstrated experience in an audit role
- A closely connected culture
- Competitive compensation, pension, benefits, personal days, employee discounts, and vacation time
- Fully utilizing your talent
- Professional growth and development via challenging projects and assignments
- Warm feelings knowing you have helped your community, your team, the business and social causes