GreenSky Administrative Services LLC

Application Security Architect

Job Location(s): US-GA-Alpharetta
Posted Date: 2 weeks ago (4/2/2021 1:34 PM)
Job ID: 2021-4525
# of Openings: 1
Category: Information Technology

Overview

Position:  Application Security Architect

Job Summary:

GreenSky is looking for an Application Security Architect to design, implement and maintain a security reference architecture within our products and software development lifecycle.

 

This role is responsible for developing, communicating and enforcing application security standards at both the application and code layers, as well as coordinating penetration testing and owning various code vulnerability scanning tools. This role will partner with Product, Development, Fraud Risk and the business to ensure security requirements are documented and enabled using a risk-based approach for all relevant workflows.

 

This role must demonstrate exemplary judgement in gauging the risk of gaps and in formulating both short- and long-term business and security goals, and must be well organized. The role requires an individual to be able to effectively and clearly communicate to peers and leadership. A strong sense of ownership and customer success is necessary for the individual to succeed in these duties.

 

Location:  Remote or Alpharetta, GA

 

Organizational:  This position is a member of the IT Security team and reports directly to the Chief Security Officer.

 

Duties & Responsibilities

  • Formalize and evangelize a security architecture framework for consumer- and internal-facing applications in a financial services environment.
  • Develop in-depth security architecture, design and coding standards across cloud, application and data security.
  • Drive a standardized set of security requirements that align with internal/industry standard/regulatory requirements.
  • Serve as the technical point of contact for development as it relates to automation, CI/CD and products being developed and deployed into the cloud.
  • Define technical and functional security requirements covering areas of application and software design.
  • Identify application and API workflows to ensure enforcement of security architecture.
  • Create and coordinate application testing schedules organized by application and/or risk.
  • Coordinate manual and automated penetration testing of web sites, APIs, systems and networks.
  • Perform security risk assessments for all proposed application related changes.
  • Discover, document, and communicate vulnerabilities to peer group and leadership.
  • Assist with vulnerability prioritization and provide guidance on resolution.
  • Engage in the full application lifecycle across a number of lines of business.
  • Provide application and cloud security related coaching and mentoring to associates in Product, Development and IT.

Required Skills/Qualifications

  • Bachelor’s degree in a relevant field, or an equivalent combination of education and work experience.
  • Knowledge of various domains such as security architecture, system and network security, authentication and authorization protocols, cryptography, and application security.
  • Understanding of security by design principles, architecture level concepts, security frameworks (NIST and PCI), OWASP, etc.
  • Experience with various application security tools including SAST/DAST, penetration testing, etc.
  • Experience securing cloud infrastructure and cloud applications in AWS and Azure.
  • Knowledge of current and emerging security technologies, threats and techniques for exploiting security vulnerabilities in the code or application.
  • Experience in analyzing threats of cloud and application components.
  • Experience in implementing and integrating security tools into CI/CD.
  • Experience with data security and governance.
  • Experience in development and scripting languages (Java, JavaScript/TypeScript, Python, PHP).
  • Experience with securing APIs to external entities.
  • Experience with Web Application Firewalls.
  • Knowledge of Agile and Scrum processes.

 

Preferred Qualifications:

  • Experience in OWASP Top 10, CVE/CVSS research and/or bug bounty recognition.
  • Security certifications such as CISSP, CASE, CASS, CSSLP, CEH or equivalent.
  • Knowledge of fuzzing, memory corruption and exploit development.
  • Ability to clearly communicate gaps and risks to leadership through verbal dialogue or written communication.
  • Ability to train peers and provide mentorship to apprentice engineers.
  • Demonstrable teamwork skills and ability to partner in difficult situations.
  • Ability to be proactive in a rapidly changing environment.
  • Sharp analytical abilities and proven design skills.

 

GreenSky is an equal opportunity employer and will not discriminate against any employee or applicant on the basis of age, color, disability, gender, national origin, race, religion, sexual orientation, veteran status, or any classification protected by federal, state, or local law.
