Security & Privacy Architect/Coach - 3 PM Shift

8 - 13 years

7 - 17 Lacs

Posted: 2 weeks ago | Platform: Naukri

Work Mode: Remote

Job Type: Full Time

Job Description

Job Overview

Security & Privacy Architect and SDL Coach

Security & Privacy Architect

Key Responsibilities

Code Analysis, Scanning, and Remediation

  • Security Tool Configuration: Configure and operate security scanning tools (e.g., Snyk, Grit, Checkmarx, Coverity, Mend) to scan applications, and interpret the results to identify potential security flaws.
  • Static and Dynamic Code Analysis: Perform static and dynamic code analysis to identify vulnerabilities in the source code. Help application teams adopt best practices.
  • Vulnerability Remediation: Work directly with development teams to guide them in resolving identified vulnerabilities and promote secure coding practices.
  • Issue Prioritization: Prioritize critical security issues and escalate them for immediate remediation when necessary.

Security & Privacy Architecture

  • Security Assessments: Conduct in-depth security assessments to identify potential attack vectors, vulnerabilities, and risks in the application architecture and source code.
  • Recommendations: Provide actionable recommendations to development and architecture teams to address security gaps and ensure compliance with security standards.
  • Security Design: Assist in the design of secure application architectures that meet both business and security requirements.

SDL Coaching and Best Practices

  • SDL Awareness: Conduct Security Development Lifecycle (SDL) coaching and assessments with development teams to raise awareness of security practices and ensure they align with best security practices.
  • Security Best Practices Adoption: Guide teams in adopting and integrating security practices into their SDLC, focusing on secure coding, testing, and deployment.
  • Coaching & Mentoring: Provide ongoing coaching and mentoring to developers to help them understand the importance of security throughout the development process.

Compliance Lead (CGA, PCI, CPP)

  • Regulatory Compliance: Participate in security risk assessments and ensure that applications comply with relevant industry standards and regulations (e.g., PCI-DSS, CGA, CPP).
  • Audit Preparation: Assist application teams with preparation for security audits, providing guidance before and after audits to address any issues.
  • Documentation: Ensure that all security compliance requirements are well documented and tracked.

Research and Continuous Improvement

  • Threat Intelligence: Stay updated on the latest security threats, vulnerabilities, and emerging trends in application security to proactively mitigate risks.
  • Tool & Framework Evaluation: Evaluate new security tools, frameworks, and technologies that can improve the effectiveness of security code scanning and remediation. Conduct comparative analysis and provide recommendations.
  • Process Improvement: Continually assess and improve security processes within the development lifecycle to enhance overall security posture.

Required Qualifications

  • Experience: 8+ years of experience in application security, including hands-on experience with code analysis, security testing, and risk assessments.
  • Technical Skills:
      • Strong understanding of secure software development practices.
      • Familiarity with security tools such as Snyk, Grit, Checkmarx, Mend and other static/dynamic code analysis tools.
      • Knowledge of security vulnerabilities (e.g., OWASP Top 10, CVEs) and remediation techniques.
      • Experience with common security frameworks and methodologies (e.g., OWASP, NIST, CIS, PCI-DSS).
      • Proficient in at least one programming/scripting language (e.g., Python, Java, C#, JavaScript).
  • Compliance Knowledge: In-depth understanding of industry compliance standards such as PCI-DSS, CGA, and CPP.
  • Communication Skills: Excellent written and verbal communication skills with the ability to interact with technical and non-technical teams alike.

Preferred Qualifications

  • Certifications: CISSP, CISM, CISA, or equivalent security certification is highly preferred.
  • Experience with Cloud Security: Knowledge of security best practices in cloud environments (AWS, Azure, GCP).
  • Experience with DevSecOps: Experience with integrating security practices into DevOps pipelines and workflows.

Tata Elxsi

IT Services and IT Consulting

Bangalore
