3 Penn Plaza East
Job Category: Information Technology (IT)
Job Number: 4894
APPLICATION SECURITY ARCHITECT NEWARK, NJ
WalkerHealthcareIT is seeking a Security Architect for a client located in Newark, NJ. This is a contract-to-hire position.
JOB SUMMARY SECURITY ARCHITECT:
The Application Security Architect will partner with Enterprise Architects, Engineers, and Developers to develop a deep technical understanding of the technology ecosystem. The incumbent will lead architecture reviews, create threat models, and identify risks. A successful architect will advise IT, business owners, and technical teams on options to mitigate risk and facilitate data-based decision making. The candidate must have excellent verbal and written communication skills and must have experience creating reusable documentation.
• Review application architecture and recommend security-related enhancements
• Model attack vectors and recommend security controls to mitigate risk
• Capture project and security knowledge and contribute to reference architecture pattern creation
• Participate in security technology evaluation
• Drive design of application security elements and frameworks
• Plan, design, develop, and maintain security technologies, diagrams, processes, and procedures
• Develop and implement enterprise-wide and cross-functional integration solutions
• Conduct technology reviews to ensure computer systems are built to reference security architecture principles
• Help build security into infrastructure and architecture designs and guide implementation with the operations team
• Create and deliver knowledge sharing presentations and documentation to security, developers, and operations teams
EDUCATION SECURITY ARCHITECT
Requires a bachelor's degree in computer science or information security
EXPERIENCE SECURITY ARCHITECT
PREFERRED EXPERIENCE SECURITY ARCHITECT
- 6+ years of professional business experience in IT and/or Information Security or a Master's degree in Information Security, Computer Science, Information Management Systems, or a related field with 4 years of professional work experience in IT and/or Information Security.
• Requires a minimum of 2 years of experience in application/product security, enterprise security architecture, and/or threat modeling or architecture risk analysis.
• Application security tools such as: HTTP and TCP proxies, fuzzers, scanners, debuggers, simulators, etc.
• Common vulnerabilities in the OWASP top 10 list
• Familiarity with at least one traditional threat modeling framework, such as STRIDE, DREAD, PASTA, OCTAVE, etc.
• Strong familiarity with common web application architectures such as three-tier, microservices, single-page app, etc.
• Protocols/technologies like SOA, HTTP, SSL/TLS, LDAP, JDBC, Servlet/JSP, SQL, HTML, XML
• Amazon Web Services (AWS), Microsoft Azure, Docker, and/or Kubernetes
• Encryption standards
• Authentication and Authorization standards such as OAuth 2.0, OpenID Connect (OIDC), and SAML 2.0
- Prefer BA/BS degree from an accredited college or university in Information Security, Computer Science, Information Management Systems, or a related field.
- CISSP, SANS/GIAC Certifications, AWS Certifications are preferred.