Application Security Architect

Aliso Viejo, CA
$150,000 – $160,000

• Work as the lead to design, implement and govern the overall security architecture of the products.
• Align the secure development lifecycle to industry standards, including Microsoft SDL, OWASP development guides, PCI standards and PII-related topics.
• Certify the products to engineering security standards, e.g. PCI PA-DSS, PCI P2PE, FIPS, etc.
• Perform proof-of-concept and proof-of-technology testing for integrating new third-party security products into the development and deployment processes.
• Design and deploy state-of-the-art technology to meet the business needs and interface with business units regarding technical planning and network security topics.
• Lead the implementation of proposed solutions while interfacing with the Project Management Office (PMO) to ensure the coordination, communication and successful delivery of projects.
• Lead the integration of security engineering automation tools, such as SAST and IAST.
• Develop and maintain security procedures and guidelines for the product.
• Manage relationships and interactions with human resources, legal, customers and internal audit departments.
• Bachelor’s Degree in Computer Science or related field. Equivalent work experience will be considered.
• Software development background of 4-7 years.
• Security certifications are desirable, e.g. CISSP, CSSLP, CEH, etc.
• Hands-on PCI and PA-DSS Certification.
• Retail, financial, healthcare payment transaction processing software vulnerabilities and authentication testing.
• Experience with e-commerce payments integration/security issues.
• Payment device integration or support, e.g. Verifone, Equinox, Ingenico, etc.
• Payment processor or switch integration or support, e.g. First Data, Chase Paymentech, ACI, etc.
• Soft skills: effective communication (internal, customer, legal counsel), collaboration (internal, external) and effective written skills (white papers, vulnerability specifications, etc.).
• Active participation in cybersecurity forums/conventions, e.g. DEFCON, Black Hat. Public speaking is a plus.


