Senior Application Security Architect (VP Level)
Location: NY or Dallas | Remote open to consideration
Compensation: $180,000 - $220,000 + 40% - 50% annual cash bonus
A Tier 1 investment bank is currently focused on developing one of the strongest security teams across the US. They are seeking to bring on a VP of Application Security with a great understanding of developing threat models and leading application security risk assessments, strong tooling knowledge, and a good engineering background.
In this role, you will review software architecture designs and help identify detrimental architecture flaws earlier in the SDLC. You will be required to leverage your application security knowledge to guide developers and architects on how to build secure software on-prem and in the cloud.
- Perform software architecture design reviews for on-prem or cloud deployments.
- Serve as an application security liaison for the developers and architects in the respective Business Unit.
- Review security assessment reports from pentest and code review engagements.
- Develop secure architecture design patterns.
- Mentor other junior members of the team.
- Bachelor's or Master's degree in Computer Science or any related degree.
- 5+ years' experience in one or more technical roles (focusing on application security).
- Strong experience in performing Threat Modeling or Secure Design Reviews.
- Knowledge of AppSec vulnerabilities such as the OWASP Top 10 and cloud security gaps.
- Understanding of security standards like OWASP Testing Guide, OWASP ASVS, NIST, and SANS Top 20.
- Experience in penetration testing of web, thick-client, or mobile applications and application vulnerability assessments.
- Experience working with AppSec tools like fuzzers, scanners, debuggers, decompilers, proxies, simulators, etc.
- AWS experience preferred; able to recommend security best practices and secure deployment patterns.
- Understands core cryptography concepts like encryption, hashing, HMAC, and digital signatures, and how they are applied and attacked in web applications.
- Able to analyze common banking protocols such as OAuth, SAML, and OIDC, including their flows and interactions in a system design, to evaluate gaps.
- Ability to identify threats, abuse cases, and gaps in the design before it is implemented.
- Knowledge of network, application and operating system security risks.