Application Security Architect – Informatica - Redwood City, CA

URL: https://careers.informatica.com/jobs/IT09263/Application-Security-Architect

Your Responsibilities: 

This is your chance to build and nurture an Application Security Program from the ground up. Bring your expertise and know-how in the application security space and become a thought leader for the organization. There is exciting risk ahead! You will design and build Informatica’s application security capabilities for our products and internal applications. Key responsibilities include:

  • Lead application security advisory, solution architecture, and consulting for internal projects of varying size. Lead the team and vendors to develop secure solutions in support of business needs. Provide security review and certification to ensure best practice and quality delivery of all technical solutions that meet security requirements.
  • Consult with R&D and Operations teams in application security reviews, coding best practices, maintaining standard security libraries, and performing penetration testing where appropriate.
  • Leverage off-the-shelf, open source, and custom-built application security assessment tools to identify deficiencies and suggest more secure coding techniques.
  • Analyze application code for logic flaws and suggest more secure coding techniques.
  • Develop and manage the Web Application Scanning (WAS) program and help maintain our cloud and on-premise Web Application Firewalls.
  • Proficiently develop solutions in various languages, such as Java, .NET, C/C++, Python, Perl, and the like.
  • Provide expert advice and consultancy to internal customers on risk assessment, threat modeling, and fixing application-level vulnerabilities.
  • Mentor teams on application vulnerabilities, defects, technical controls, risks, and other complex security matters.
  • Work with application development leadership to develop a global secure software development training curriculum.
  • Engrain security into Informatica’s culture and business processes through cross-organizational working groups, product security guidance, training, engineering, sales enablement and automation.

Your Qualifications

  • 7 or more years of relevant experience in Information Security, with at least 5 years involved in software development, application security, and automation
  • Undergraduate degree in an Engineering-related, Computer Science, or Information Security discipline; advanced degree a plus
  • Experience with high-level programming languages (e.g. Java, C, C++, C#, Python) and web application development (JavaScript, PHP, ASP)
  • Familiarity with secure coding frameworks and best practices such as BSIMM and OWASP
  • Familiarity with Cyber Kill Chain or Attacker Lifecycle
  • Seasoned security expert with hands-on experience with IaaS, PaaS, and SaaS providers such as AWS, Azure, Force, and the like.
  • Full understanding of securing DevOps or continuous deployment/integration environments, and common security techniques and tools including system and application hardening
  • Ability to work on complex issues where analysis of situations or data requires an in-depth evaluation of variable factors. Exercise judgment in selecting methods, techniques, and evaluation criteria for obtaining results.
  • Demonstrate excellent communication skills, analytical ability, strong judgment, and the ability to lead teams in successfully partnering with IT Operations and R&D. Ability to communicate compliance-related concepts to a broad range of technical and non-technical staff.
  • Able to present analysis and recommendations in a clear and compelling manner to both technical and non-technical audiences, including the Information Security Leadership team.
  • Track record of improving the security posture in dynamic environments with diplomacy and earning the reputation as a business partner
  • Demonstrated success working with product development, internal audit, external auditors, security researchers, and legal affairs
  • Must demonstrate a proven ability to lead and motivate people, set targets and monitor achievements in delivering quality security services.
  • CISSP, GIAC, CEH certifications or equivalent experience