Security Architect

Role : Product Security Architect

Responsibilities

• Prepare, publish, and institutionalize security best practices and guidelines
  across products. Ensure adoption and compliance.
• Review product security requirements and security design documentation. Participate in reviews throughout the product development cycle.
• Provide solutions for vulnerabilities and ensure reusable solutions are available across products. Work with Product Security Champions to mitigate or document vulnerabilities and obtain exceptional approvals if necessary.
• Conduct threat modeling design reviews and signoffs. Help mitigate WAF blockers during UAT/Production phases and work with Product Security Champions for product fixes.
• Maintain product-wise scanning status reports and conduct periodic audits on security processes followed by product development teams.
• Evaluate tools, technologies, and processes needed for secure product development as part of DevSecOps. Continuously improve product security and processes.
• Review third-party products and work with the Externally Obtainable Product (EOP) review team for approvals.
• Provide training and coaching on best practices, WAF analysis, and threat modeling to Product Security Champions

Knowledge, Skills and Abilities

• 10-18 years of hands-on experience as a Software Architect with .Net , RDBMS and full stack application design and development. Good knowledge of OWASP and other industry standards.
• Extensive experience working as Product Security Architect with software engineering experience
• Good knowledge of cloud security architecture, design , Cloud-Native Security, Cloud Security Posture Management , Data Security in the Cloud (Advanced Concepts),Zero Trust Architecture in the Cloud,Multi-Cloud and Hybrid Cloud Security,Security for AI/ML in the Cloud
• Good knowledge of OS, network security, firewalls, routers, IDS/IPS, data encryption, and related tools/technologies.
• Build application security architecture for products/services developed using containers. Knowledge of containers, network isolation, secure engineering practices, and identity and access management is preferred.
• Experience using tools such as Veracode, Acunetix, Sonarqube and others. Provide solutions for managing these DAST, SAST and Pen Test vulnerabilities.
• Experience with Azure Cloud and Azure DevOps, CI/CD integrations
• Understanding and Implementing the Security Shift Left Concept

Job Requirements

• Bachelor’s Degree in computer science, Information Science, Software Engineering, or related discipline, or equivalent work experience.
• Minimum of 10+ years of software development experience and 5+ years of experience as Software Architect with deep knowledge on Product Security
• Preferred to have Industry industry-recognized Security certification such as CCSP, CASP etc.
• Preferred to have any industry certification on Security
• Preferred to have healthcare industry experience