Application Security Architect
Job Location: Melbourne CBD & Inner Suburbs
We currently seek an experienced Application Security Architect to deliver Information Security and other technology initiatives, and to ensure applications are fully protected against present and future threats and breaches.
You will act as a trusted advisor and, as a Subject Matter Expert, be a key contributor to various technology projects and assignments.
- Knowledge and understanding of threat modelling methodologies and common TTPs in modern and agile applications, and of the countermeasures and defensive controls commonly used in large enterprises
- Familiarity and understanding of the MITRE ATT&CK framework
- Knowledge and understanding of modern application architectural styles and design patterns (e.g. microservices, micro front ends, service mesh, Backends-For-Frontends, container orchestration, OAuth 2.0 and OIDC enabled web services)
- Demonstrated and extensive experience as a security architect with proven capability in developing Security domain architectures and domain roadmaps.
- Understanding of cryptographic protocols, authentication / authorisation, and secret / key management
- Experience in the OWASP Top 10 application security risks and Software Assurance Maturity Model (SAMM).
- Experience in assisting organisations with planning and implementing complex cloud architecture solutions.
- Experience in working with DevSecOps and containers technologies such as Kubernetes.
- In-depth testing experience (SAST and DAST) and knowledge of incorporating CI/CD controls into the environment.
- Experience in developing security solution architecture and designs for security initiatives to deliver new or uplifted enterprise security capabilities
- Experience with deployment orchestration, automation, and security configuration management (Jenkins, Puppet, Chef, etc.) preferred.
- Experience in performing threat modelling and design reviews to assess security implications and requirements for introduction of new technologies.
- Demonstrated strong leadership and management skills and the ability to secure results through others.
- Experience in working with industry compliance and security standards such as PCI DSS, ISO 27001, NIST CSF and APRA CPS 234.
- Proven experience planning and delivering security solutions and integrating them into large infrastructure projects.
- Experience in end-to-end management of issues related to security through all phases including planning, testing, design and implementation.
- Experience with development of technical requirements and architecture designs.
- Ability to provide insight and guidance to senior management and the executive board on findings and the technical improvements to be made.
- Minimum of 8+ years' direct Information Security experience and 3+ years' direct application security and penetration testing experience.
- A security industry certification is required, including but not limited to CISSP, CSSLP, GIAC Certified Web Application Defender (GWEB), OSCP, and CREST.
- Architecture certifications such as SABSA or TOGAF are preferred.
If you have the above expertise and want to join a technology-driven organisation, please hit the apply button below, or for more information please call Jason at Aurec.