Application Security Architect (42723)

I'm looking for an Application Security Architect with a passion for protecting applications from modern threats. In this role, you’ll perform security assessments, guide development teams on secure coding and configuration, and steer external partners to remediate vulnerabilities. Your deep knowledge of OWASP Top Ten, SANS CWE Top 25, SDLC methodologies, and practical experience with code reviews, penetration testing, and vulnerability scanning will be critical. ISO 27001, NIST, or vendor-specific certifications are a bonus. 

🚀 Project
- working with various stakeholders across the organization to ensure security of applications throughout their lifecycle, considering industry best practices, regulatory requirements, and organizational needs
- steering external partners in conducting comprehensive security assessments of applications, identifying vulnerabilities, and recommending appropriate remediation strategies
- collaborating with development teams to effectively integrate security controls and measures into the application development process
- defining and enforcing application security policies, standards, and procedures, ensuring compliance with internal and external security requirements
- staying up to date with emerging security threats, vulnerabilities, and industry trends related to application security, and assessing their potential impact
- providing guidance and support to development teams on secure coding practices, secure configuration management, and vulnerability remediation
- acting as a subject matter expert and providing guidance on application security to stakeholders, management, and executives
- handling any other Security Architecture topics relevant to project deliverables
- staying abreast of industry standards and frameworks such as OWASP, SANS, and NIST, and incorporating relevant practices into the application security program
- developing and maintaining strong relationships with key vendors and strategic external partners

🎯 Skills
- proven experience working as an Application Security Architect or in a similar role, with a focus on securing applications (threat modelling etc)
- strong knowledge of application security principles, including secure coding practices, input validation, authentication, access controls, and encryption
- experience with application security standards and frameworks, such as OWASP Top Ten, SANS CWE Top 25, and secure software development lifecycle (SDLC) methodologies
- hands-on experience with security testing techniques ideally including code review, vulnerability scanning, and penetration testing

💡 Nice to have
- knowledge and experience of industry standards such as ISO 27001, CIS Controls, NIST, Cyber Essentials
- certification or accreditation in Information Security (CSSLP, CISM, CISA, CISSP, etc.,) and/or relevant vendor specific certifications