Senior Application Security Architect

Description

As the largest provider of IT services, Leidos develops and sustains large data and technology infrastructures and integrates complex law enforcement IT system for several US federal agencies. At Leidos we offer engaging careers, a collaborative culture, and support for your career goals and growth. This role would be serving a federal law enforcement agency in Clarksburg, WV with remote work possible.

We are seeking a talented and experienced Senior Application Security Architect on our team. The ideal candidate will be responsible for designing and implementing secure application architectures within an enterprise environment, encompassing cross-platform technologies, integrating security into CI/CD systems, ensuring compliance with security standards including NIST and OWASP, and leveraging experience in REST, Python, Perl, JAVA, and PowerShell. This role will be part of a strategic application security team which is part of a larger team that is responsible for defining and enforcing the organization's secure application development lifecycle.

• Design and implement secure application architectures across various enterprise environments and cross-platform technologies.
• Integrate security into CI/CD pipelines, automating security testing and code analysis processes.
• Conduct security architecture reviews of existing and new applications, identifying potential vulnerabilities and weaknesses.
• Provide security guidance and best practices to development teams throughout the Software Development Life Cycle (SDLC).
• Perform threat modeling to identify potential attack vectors and prioritize security efforts.
• Define security requirements for applications and APIs, ensuring compliance with NIST, OWASP, and other relevant security standards.
• Review code (in languages like Python, Perl, JAVA) for security vulnerabilities and provide remediation guidance.
• Configure and utilize application security testing tools (SAST, DAST, etc.) to automate vulnerability detection.
• Collaborate with infrastructure and operations teams to ensure secure deployment and configuration of applications.
• Develop and maintain secure coding guidelines and best practices for developers.
• Evaluate and recommend new security technologies and tools to enhance application security.
• Stay up-to-date with the latest application security threats, vulnerabilities, and mitigation techniques.
• Mentor and train developers on secure coding practices and application security principles.
• Document security architectures, designs, and standards.
• Participate in security incident response and provide guidance on application-related security issues.

• Bachelor's Degree in Software Engineering, Computer Science, Information Systems
• Management, Cyber Security or other related discipline, or equivalent experience; additional years of experience may be considered in lieu of a degree
• 6+ years of prior relevant experience
• Certified Web Application Penetration Tester (CWAPT) or Certified Application Security Specialist (CASS) required
• Previous System Administration, Developer, and Web services experience in an Enterprise Environment utilizing cross platform technologies
• Demonstrated knowledge of networking and virtualization technology, such as OpenStack, RHEV, etc
• Experience with Continuous Integration/Continuous Deployment (CI/CD) systems in line with configuration management and Secure SDLC best practices
• Experience in information system compliance with government standards and industry best practices, including NIST, OWASP, Common Criteria, DISA and SANS Institute
• Documented experience in REST, Python, Perl, JAVA and PowerShell
• Ability to research and learn both independently and as part of a team
• Must have reliable internet access
• Must be a US Citizen to apply
• DOD Top Secret Clearance is required

• Master's Degree preferred
• 4+ years of prior relevant experience with a Master's degree
• Documented experience is preferred in as many of the following programming languages, web services, and applicable software stacks as possible: SOAP, Apache Struts, Websockets, Java Message Queue, RPC over HTTP, WIA (Windows, IIS, ASP.NET), C, C++, C#, Node.js, JavaScript, Pega, Groovy, LAMP (Linux, Apache, MySQL, PHP), AMP (Apache, MySQL, PHP), JOLT (Java, Oracle, Linux, Tomcat), and LAMJ (Linux, Apache, MySQL, JSP Servlets).
• Experience with Cloud Service Providers (CSPs), AWS and Microsoft Azure
• A minimum of 6 years of experience managing and understanding cloud based infrastructures