Application Security Architect

Location: Broomfield, CO

Data Management

Overview

This role would be responsible for running static and dynamic scans within the SDLC. The resource would also be responsible for working with developers to remediate the findings, providing fix recommendations and training developers to implement secure coding practices.


Responsibilities

  • Dynamic vulnerability assessments
  • Static vulnerability assessments
  • Mobile vulnerability assessments
  • Training & Empowering Developers on Security principles & coding practices
  • Define security-in-design requirements in software development & work with developers to bake them into the design
  • Perform hands on Application Security assessments using commercial & open source tools
  • Configure scans & establish baseline scans
  • Perform vulnerability false-positive analysis & triaging, articulate issues to developers and provide guidelines to fix them
  • Provide remediation governance
  • Integrate deeply into R&D teams and processes
  • Vulnerability Research & Discovery.
  • Develop in-depth security architecture, design and coding standards across infrastructure, application and data security, to drive a standardized set of security requirements, and align with internal policies and meet external compliance/regulatory requirements.
  • Work with multiple engineering teams to carry out Application Security Reviews.
  • Provide expert advice and consultancy to internal customers on risk assessment, threat modeling and fixing vulnerabilities.
  • Define information security controls and patterns that support risk assessments and support the development of secure architectures.
  • Be a trusted security leader and advisor to the engineering leadership team in driving application security initiatives and secure product development.
  • Address bottlenecks, provide escalation management, anticipate and make tradeoffs and balance the business needs versus technical constraints.
  • Security training and outreach to internal development teams
  • Security guidance documentation
  • Security tool development
  • Security metrics delivery and improvements

Qualifications

  • Computer Science, Engineering, or CIS Degree
  • Experience coding in multiple languages, including .NET, AWS Developer tools
  • Knowledge of AWS native security and infrastructure tools.
  • In-depth knowledge of application security concepts, best practices and methods
  • Knowledge of security best practices, principles, and common security frameworks, such as NIST, ISO, OWASP, etc.
  • Understanding of security by design principles and architecture level security concepts.
  • Knowledge of current and emerging security technologies, threats and techniques for exploiting security vulnerabilities.
  • Experience with methodologies and tools, for threat analysis of complex systems, such as threat modeling and software fuzzing.
  • Knowledge of developer tools and environments, project management and bug tracking systems.
  • Experience building secure software based on frameworks such as OWASP, CWE, SANS
  • Experience with various application security tools including SAST, SCA, DAST, Penetration testing, Fuzzing etc.
  • Experience in implementing and integrating security tools into CI/CD.
  • Experience with process improvement, automation release management, and system development life cycle (Waterfall and Agile).
  • Communication, presentation and analytical skills along with the ability to thrive in a dynamic environment and handle multiple priorities.
  • Experience engaging with and advising at the leadership level, and training developers

ZOLL Data Systems appreciates and values diversity.  We are an Equal Opportunity Employer M/F/D/V. 

ADA: ZOLL will make reasonable accommodations in compliance with the Americans with Disabilities Act of 1990.