Application Security Architect in Atlanta, GA at HUNTER Technical Resources

Date Posted: 7/8/2019

Job Snapshot

Job Description

  • Gaining an understanding of our current security policies, current state and target state architecture and then working to define a strategy for our technical direction. 
  • Develop Security Architecture for highly scalable and fault-tolerant applications that adhere to expected standards and discipline from a security posture. 
  • Work with our product organization to develop secure business requirements, develop the security architecture and integrate into our longer term platform strategy. 
  • Work directly with project development teams to enable successful project implementation applying the recommended security tools, technologies and techniques.
  • Provide expertise to project team engineers as needed. 
  • Work with the Architects and SRE groups to design and implement policies and procedures, which will ensure secure application coding and deployment standards. 
  • Provide technical and architectural oversight for systems and projects that are required to be reliable, massively scalable, highly available and maintainable. 
  • Introduce best practices and principles to enable consistent delivery and enable alignment with long-term direction. 
  • Facilitate communication with cross-functional groups. 
  • Stay up to date on new tools & techniques in the information security space. 
  • Conduct proof of concept activities with key business users in support of advanced use cases. 
  • Promptly respond to all security incidents and providing thorough post-event analyses 
  • Perform system threat analysis, including application software, deployment infrastructure and third-party integration points. Identify and implement required security controls (monitoring, penetration tests, and security audits). 
  • Provide subject matter expert (SME) support to internal product development teams. Help to evaluate strengths and vulnerabilities of security feature(s)/solution(s). 
Required Skills 
  • Broad understanding of technological and procedural aspects of securing all layers of the cloud-based systems: Cloud Network Security, Microservices, Web and Mobile Application Security, API Security, Data Security. 
  • Strong understanding of the underlying technologies and infrastructure used on the new platform (GCP, AWS, Kubernetes, Docker, RDS/DBMS, Kafka, OAuth2 Password and Key Management, User Access Management, Data Encryption, Protocol Level Security and Cryptographic Algorithms). 
  • Hands-on experience with cloud application design & development, micro-service architecture, Java/Spring based security frameworks. 
  • Working knowledge of secure coding, monitoring and testing tools. 
  • Practical experience of defining and documenting security policies and procedures - risk mitigation, change management, password and key management, security monitoring and incident response policy. Ability to perform threat analysis and familiarity with industry accepted frameworks (OWASP). 
  • Experience with security certification programs is a plus (PCI, SOX, PII, SAS70) 
  • Experience deploying and integrating into SIEM systems. (ELK, Splunk) 
  • Experience working with Agile development methodologies 
  • Strong understanding of VPCs, Security Groups, WAF and other related security products. 
  • Solid understanding of security protocols, cryptography, authentication, authorization and security 
  • Experience implementing multi-factor authentication, single sign-on, identity management or related technologies 
  • Experience interacting with a broad cross-section of personnel to explain and enforce security measures 
  • Experience in Data Security: At Rest, In Flight, In Use.