Principal Application Security Architect

This is not your typical Security Architecture role. Application Security Architects at Staples have a deep knowledge of application software development, including automated build and delivery techniques. They focus on the highest-profile mission-critical applications and engage across multiple product teams to provide security guidance throughout the requirements, design, and implementation phases of the development lifecycle. The role is a focal point of expertise in web application defense.


  • Forge close partnerships with product teams to understand and mitigate application security risk and threats in critical software components
  • Work with security industry experts designing application security assessments for internal applications involving static test automation and manual architecture, code, and Secure Development Lifecycle process review
  • Assist in defining the set of required application security controls, associated standards, and training material for internally developed IT applications
  • Lead product team implementations of application security controls and provide training and direction for team security champions
  • Provide communication to leadership and product teams on the threat landscape, application security controls, and secure coding practices
  • Specify application security testing requirements to be included within applicable testing frameworks

  • Bachelor's Degree or related equivalent work experience
  • BS degree or equivalent experience required
  • Minimum 10 years of experience in Information Technology related fields
  • 2+ years of experience in Security
  • Strong development and architecture background
  • Experience developing web/mobile applications using common web technologies (Java, JavaScript)
  • Expert in application security and secure coding practices
  • Experience working with Agile development methodologies
  • Ability to execute analytical problem decomposition and solution design
  • Strong written and oral communication skills
  • Ability to influence and educate application development teams, product management, and leadership

  • Familiarity with PCI, PII and other GRC concerns
  • Industry training in web application defense, enterprise defense, and/or penetration testing
  • Certification in the above a plus
  • Experience with industry standard SAST/DAST security scanning tools such as IBM AppScan, Checkmarx, Veracode, Fortify, Rapid 7
  • Experience with development frameworks and technologies such as Angular, node.js, C#, .net, Azure, Android and iOS development
  • Demonstrated experience in assessing solution risk via design and code review
  • Experience in deploying web application components in public cloud environments
  • Familiarity with cloud technology, containers, and micro-service architecture
  • OWASP membership and participation a plus

Staples is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or any other basis protected by federal, state, or local law.
