Security Architect
Earnest
- Full Time
- Expert & Leadership (9+ years)
Candidates should possess a Bachelor’s degree in information security or an equivalent combination of education and work experience, along with six years of industry experience combining mainstream information security roles and application development. Preferred certifications include CISSP, CISM, or Security+. Strong collaboration skills and analytical ability are required. Deep knowledge of application or infrastructure systems architecture, typically involving experience with multiple system technologies, is also necessary.
The Lead Security Architect will serve as a subject matter expert in Application Security Architecture, partnering with Application teams to provide consultation and secure their CI/CD implementation. As an SME in DevSecOps, they will provide security architecture guidance in tool selection, accelerate application migrations to the cloud, and ensure ‘secure by design’ principles are followed. The role involves carrying out complex initiatives, evaluating and selecting technologies, promoting expertise sharing, and guiding the development of application or infrastructure architectures. Additionally, the Lead Security Architect will thoroughly understand the decision-process issues related to technology choice and have experience in application development and DevOps, including a strong understanding of CI/CD pipelines and secure application development methodologies, as well as experience with DevSecOps security tools such as SAST, DAST, and IAST. In-depth knowledge of various cybersecurity frameworks, standards, and the SDLC is also expected, along with experience in vulnerability management, particularly concerning OWASP top vulnerabilities and the MITRE framework, and knowledge of WAF, App Proxy, and other relevant technologies.