Information Security Architect
Location: Atlanta, GA
Pay Range: Up to $85 an hour, W2 only.
This is a 6-month contract or can be contract-to-hire. The manager is looking for someone with 10+ years of progressive security experience, solid knowledge of application development and application security, and familiarity with the latest trends and technology in application development around security for mobile, C#, .NET and Java.
As the Application Security Architect, you will support improving software applications and systems security. The architect will work to minimize the possibility that coding, design, or configuration security vulnerabilities could work their way into production environments, presenting a potential point-of-compromise.
The Security Architect will maintain involvement in the organization’s Software Development Life Cycle (SDLC) process, and liaise with business and technical performers. The Security Architect will review project documentation, research and reference security policy, render recommendations and guidance, approve or reject project artifacts from a security perspective, and perform other tasks in the pursuit of securing systems, processes, and software applications.
- Responsible for providing technical expertise on secure software development and support of all associated activities, processes, and tools for protecting technology-based information.
- Provides consulting services and security support to internal business and technical customers.
- Reviews, develops, tests, and implements security plans, products, and control techniques.
- Reviews circumstances surrounding data security incidents and designs corrective actions.
- Documents security policies and procedures where/when needed.
- Provides implementation support for risk assessment and data security procedures and products.
- Evaluates new and proposed security systems, products, and technologies.
- Maintains awareness of security and technology trends and shares that knowledge with others.
- Assists with the development of secure coding standards.
- Serves as a project process security shepherd.
- Supports safe and compliant deployments.
Minimal Required – Skills / Experience / Qualifications
- Strong professional experience with at least one Static Application Security Testing (SAST) tool (e.g., HP Fortify SCA, Coverity, Veracode, FindBugs, other), including its use, interpretation of report results, and support of the developer community in remediating verified code-associated security vulnerabilities. Product configuration & tuning experience a plus.
- Professional experience as a software application developer in a leading development language (e.g., Java, .NET, C/C++), having performed web-based or mobile application development.
- Professional experience with software application security, and its associated standards and practices.
- Professional experience with securing mobile devices and applications (e.g., understanding attack vectors, system or code vulnerabilities).
- Professional experience with popular operating systems such as Microsoft Windows and/or *nix.
- Professional experience with popular system databases such as Oracle, MS SQL Server, or MySQL.
- Professional experience with processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering, and protecting organizational data.
- Professional experience with security policy, its interpretation, reference, and usage when delivering opinions, recommendations, and guidance.
- Possessing a good understanding of software design standards, principles, and practices.
- Possessing a general understanding of information security risk management (ISO/IEC 27001:2013, Octave-Allegro, ISO/IEC 31000, FAIR).
- Possessing awareness and knowledge of PCI DSS 3.0, GLBA, SOX, COBIT, ISO/IEC 27001:2013 and/or NIST CSF standards.
- Possessing a Bachelor's degree in Computer Science, Engineering, Information Systems, Information Security, Mathematics, Physics, or a related discipline.
Desired – Skills / Experience / Qualifications
- Experience interpreting the results of Dynamic Application Security Testing (DAST) reports.
- Possessing a good understanding of risk management, security architecture, common design flaws/weaknesses, and vulnerability analysis.
- Payments industry, banking, or financial sector experience.
- Experience with software security testing tools (e.g., OWASP ZAP).
- Possessing security-centric certifications such as CSSLP, CISSP, or other associated certifications.
- Possessing a Master's degree in Computer Science, Engineering, Information Systems, Information Security, Mathematics, or a related technical field.
General – Skills / Experience / Qualifications
- Strong planning, execution, interpersonal, organizational, and communications skills.
- Strong technical, logical, analytical, and problem-solving skills.
- Team-oriented player, self-directed, confident, personable, professional.