This is a full time position to work as a Product Security Architect based in Bay Area, USA . As a Product Security Archit...
This is a full time position to work as a Product Security Architect based in Bay Area, USA . As a Product Security Architect, you will work very closely with our Product Management and Engineering teams. You will focus on secure development methodologies and mechanisms for products for the entire development lifecycle, including architecture, design, development, QA & security testing, release, maintenance and operations. You will also focus on driving software security maturity and driving effective integration and adoption of best practices, latest methods & techniques in identifying design flaws and software issues.
- Overall a minimum of 12 years of total relevant Software/IT experience with security technologies
- At least 3 years as an SW developer. Prior hands-on experience in Java, Python, Go is preferable.
- Should be able to write scripts to automate activities during the product development lifecycle and enable DevSecOps.
- At least 3 years as a system architect for complex systems and at least 2 years of software security experience as a security architect, with good knowledge of threat modeling process.
- An understanding of Security Architecture frameworks such as SABSA, TOGAF (latest version with Security and Risk Integrated), NIST CSF, and others
- Strong familiarity with OWASP TOP 10 vulnerabilities for web applications, SANS 25 and CWEs
- Familiarity with OWASP TOP 10 vulnerabilities for Mobile applicationsExposure to emerging technologies such as IoT, Blockchain, client and server-side scripting languages (Angular,node.js, etc.), MongoDB, and security in the context of these niche areas.
- Strong background in Security Operations - Infra, network, application, physical, information
- Knowledge of security testing process and tools for SAST, DAST, CVC, Tech Stack scan, Host, and Network PT. Awareness about IAST and RASP is nice to have.
- Advantage: At least 1-2 years experience with container technology and cloud technology and associated security and working in agile. Exposure to Mobile security is preferable.
- Advantage: Conducting penetration tests using manual and automatic testing methodologies
- Knowledge of SIEM and usage of OSS SIEM analysis tools for threat analysis and hunting and awareness of OSINT
- Knowledge of IDS, IPS, WAF, EDR, and defense-in-depth technical strategies
- Great communication and leadership skills - (Ability to communicate with a Developer, a Manager or Director, and Customers)
- Security Policies Governance - Writing policy, standard, and guideline documentation. Familiarity with ISO27001/34/GDPR, PCI DSS, PA DSS
- Strong DevOps/DevSecOps/Agile/Project Management Skills
- Relevant Industry-standard certifications such as CISSP, CEH, GSEC, and others are desirable.
1) Years of experience required for position 10-12
2) Location for the position Bay Area, CA
Contact Details: | +1
Techaxis Inc. is headquartered in Northern Virginia, USA. We are ranked #3294 in Inc 5000 and #105 in Inc 5000 DC Metro Series, SWaM, and WBE Certified technology talent search firm.
Equal Opportunities Employers:
Our clients provide equal opportunities to all its employees and all qualified applicants for employment, without regard to their race, caste, religion, color, ancestry, marital status, sex, age, nationality, disability, and veteran status. Employees of our clients are treated with dignity and in accordance with their policy to maintain a work environment free of sexual harassment, whether physical, verbal, or psychological. Employee policies and practices are administered in a manner that would ensure that in all matters equal opportunity is provided to those eligible and the decisions are merit-based.
- provided by Dice