Application Security Architect

POSITION ROLE

Contract

POSITION DESCRIPTION

We are seeking an experienced Application Security Architect, who interfaces with technical and non-technical

teams to identity product security risks and develop solutions to eliminate or minimize them. The candidate

should have a deep understanding of application security vulnerabilities and mitigation strategies. He or she will

drive the creation and maintenance of applications / products security standards, guidelines and procedures

along with conducting application penetration testing, performing architecture / design and code reviews, and

vulnerability assessments. Analyze software architecture, design and implementations from a security

perspective, and identify and resolve security issues. You will be responsible to guide the security engineers

delivering appropriate security analysis, defences and countermeasures at each phase of the software

development lifecycle, to result in robust and reliable software.

The position is based in Victoria (Client Location).

QUALIFICATIONS

• A minimum of 8 years’ experience leading application security functions in a fast-paced, multi-project and multi-customer IT environment.
• Bachelor’s degree in Computer Science, IT, Information / cyber security or in a related field.
• Minimum 8-10 years of experience in the field of security in the following areas : security engineering, incident response, system, application and network security, vulnerability management, threat modelling, penetration testing, intrusion detection, firewalls and encryption technologies.
• 8-10 years of experience with at least 2-3 years of experience in a similar role, and 3+ years of experience in one or more of the following roles - application architect, system architect, software developer, system administrator
• Minimum 5+ years of experience in the information security field with exposure to audit, risk management, data privacy, and regulatory and compliance practices.
• Preferred certifications : CISSP, CISM, SANS GIAC.
• Knowledge and experience of cloud infrastructure security; Azure, AWS, Google Cloud.
• Knowledge and experience working with various security frameworks (e.g., ISO / IEC 2700x, NIST CSF, COBIT, OWASP) and audit frameworks (SOC 2).
• Detailed technical knowledge of techniques, standards and state-of-the art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation.
• Software development experience in one of the following core languages : Ruby on Rails, SQL, HTML, Java, Javascript and .NET
• Experience with modern Web Application Frameworks e.g. J2EE / Rails / .Net, Spring Boot, Web Services (SOAP / WSDL or REST / WADL), WCF, Service Oriented Architectures) and of network / web related protocols.
• Solid understanding of application and database security concepts and architectural principles around authentication, authorization, session management, configuration management, data handling and cryptography
• Thorough understanding of web and mobile application security vulnerabilities, including but not limited to the OWASP Top 10 list of vulnerabilities
• Experience in providing solutions to and leading numerous security vulnerability remediation activities
• Experience with penetration testing for applications both manually and automated (commercial or open source)
• Specific experience in dynamic application security testing using techniques and tools like Burp Suite, Nikto, Appscan, Paros, Fiddler, WebInspect, Skipfish, etc.
• Experience working in a government applications environment, with exposure to mobile application platforms is an added advantage
• Experience and ability to maintain security in a fast-paced development environment that is driven by the agile methodology.
• Experience in or exposure to risk management methodologies is a nice to have.
• Very good understanding of networking and operating system concepts and technologies, aldong with a prior experience as a developer of code would be an asset.

PRIMARY RESPONSIBILITIES

Duration

COMPETENCIES

Customer Orientation

Effective performers stay close to customers and consumers. They view the organization through the eyes of the customer / consumer and go out of their way to anticipate and meet customer / consumer needs.

Team Management

Effective performers create and maintain functional work units. They understand the human dynamics of team formation and maintenance. They formulate team roles and actively recruit and select to build effective work groups.

High Standards

Effective performers possess a high inner work standard and shows pride in their work. They consistently strive to ensure work is complete within deadlines and that all work performed is of a high quality.

Organization & Planning

Effective performers have strong organizing and planning skills that allow them to be highly productive and efficient. They manage their time wisely and effectively prioritize multiple competing tasks. They follow through on tasks to ensure changes in technology are communicated effectively.

Results Orientation

Effective performers maintain appropriate focus on outcomes and accomplishments. They are motivated by achievement, and persist until the goal is reached. They convey a sense of urgency to make things happen. They respect the need to balance short- and long-term goals. They are driven by a need for closure.

Communicativeness

Effective performers recognize the value of continuous information exchange and the competitive advantage it brings. They actively seek information from a variety of sources and disseminate it in a variety of ways. They take responsibility for ensuring that their people have the current and accurate information needed for success.

Change Mastery

Effective performers are adaptable. They embrace needed change and modify their behaviour when appropriate to achieve organizational objectives. They are effective in the face of ambiguity. They understand and use change management techniques to help ensure smooth transitions.

Business Thinking

Effective performers see the organization as a series of integrated and interlocking business processes. They understand how their work connects with and affects other areas of the organization.

Relationship Building

Effective performers establish and proactively maintain a broad network of relationships (e.g. colleagues, co-workers, vendors, suppliers, etc.). They value these relationships and work effectively across the organization by maintaining positive working relationships with peers and others.