Software Security Architect
At Mercer, we make a difference in the lives of more than 110 million people every day by advancing their health, wealth, and careers. We're in the business of creating more secure and rewarding futures for our clients and their employees - whether we're designing affordable health plans, assuring income for retirement or aligning workers with workforce needs. Using analysis and insights as catalysts for change, we anticipate and understand the individual impact of business decisions, now and in the future. We see people's current and future needs through a lens of innovation, and our holistic view, specialized expertise, and deep analytical rigor underpin each and every idea and solution we offer. For more than 70 years, we've turned our insights into actions, enabling people around the globe to live, work, and retire well. We embrace a culture that celebrates and promotes the many backgrounds, heritages and perspectives of our colleagues and clients. At Mercer, we say we Make Tomorrow, Today. Visit www.mercer.com for more information and follow us on LinkedIn and Twitter @Mercer
Mercer LLC and its separately incorporated operating entities around the world are part of Marsh & McLennan Companies, a publicly held company (ticker symbol: MMC).
The purpose of this role is to support Mercer's Information Security program through the development and maintenance of software across our lines of business. This role will support Mercer's secure-by-design program to embed security throughout our product development lifecycle. The Software Security Architect must be forward thinking, able to work effectively with limited supervision on security related tasks and projects to drive results and build positive relationships with coworkers and development teams.
- Develop Mercer's secure-by-design product development standards for emerging technology stack.
- Define product development security standards that complement Mercer's agile continuous integration and deployment DevOps model.
- Enhance Mercer's existing secure software development practice to align to micro-service strategy.
- Work closely with product development colleagues to determine areas for integration of processes and collaboration. Provide expert-level support for the business in areas of secure development
- Develop metrics to track and report on trends in secure product development.
- Support new technology and infrastructure investigations and proofs of concept
- Support Mercer Next Generation application and data platform by providing guidance on security by design
- Review software related project and product material to guide and ensure selection, development and implementation of secure solutions in alignment to Mercer's security standards and requirements.
- Work with Mercer Product Development and Delivery team and Enterprise architects to meet application and data security requirements
- Identify opportunities to enhance the portfolio of cyber security controls and capabilities.
- Develop secure coding processes and support related static and dynamic testing solutions, including evaluating and selecting new testing technologies.
- Prepare application security metrics and performance indicators by collecting, analyzing, and summarizing data and trends for executive teams.
- Manage the vulnerability assessment and remediation activities, including tracking and monitoring applications and other activities to maintain secure state.
- Provide direction on software security fixes and drive and monitor remediation progress.
- Create and deliver training materials to software development organizations across the company.
- Conduct security research to keep abreast of latest security issues. Track and understand emerging security vulnerabilities and best practices related to secure software development.
- Evaluating opportunities to analyze and integrate threat information and indicators into the existing product development process.
Meet Some of Marsh & McLennan Companies's Employees
Contract Review Specialist
Nancy reviews the contracts her clients either offer or receive from vendors, taking care to monitor the insurance requirements on the provided services.
Back to top