Tuesday, January 31, 2017

Security Architect

Title: Security Architect 
Location: San Jose
Duration: Full Time

Primary Responsibilities
• Lead application security framework
• Provide security requirements for test-driven design
• Routinely deliver metrics report of the application security status
• Integrate security tools, standards, and processes into the product life cycle (PLC).
• Help train development and QA teams to an appropriate level of security knowledge.
• Improve and support application security tools such as static analysis, runtime testing tools.
• Improve development standards
• Participate in architecture review where security expertise is needed
• Routinely perform code reviews, penetration tests and standards gap analysis of existing and new services – internal and partners
• Stay on top of third-party and open source activities to ensure development meets company standards

Job Requirements

• Proven hands-on work experience as a software security engineer is a must.
• Detailed technical knowledge of techniques, standards and state-of-the-art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation
• Can translate security concepts into language that is meaningful to business and technical leaders and individual contributors.
• Candidates must be able to approach application security from the perspective of risk management and avoid purely academic thinking about software security.
• Demonstrable ability to influence decision-making processes at all levels of a large organization will be critical to success.
• Candidates must have strong leadership skills to lead highly technical individuals.
• Candidates must have excellent verbal and written communication skills. Experience speaking in public forums and writing/contributing to technical publications is a plus.
• Candidates should have experience integrating secure development practices into both waterfall and agile development processes.
• The ideal candidate has experience writing and testing web applications and web services in the following programming languages: C/C++, Java, and JavaScript. Embedded experience is a plus.
• The candidate should have familiarity with a variety of development and testing tools, including: Eclipse, GCC, JIRA, Confluence, Subversion, Maven, ClearQuest/Case, Silk, FindBugs, Client/Fortify SCA, IBM AppScan, Client WebInspect, Veracode.
• Candidates must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to any audience, and discuss effective defensive techniques. Knowledge of embedded security models such as HSM is a plus.
• Candidates must have experience planning multi-year roadmaps.
• Familiarity with industry standards and regulations including PCI, FFIEC, SOX, and ISO27001 is desired.
• BS degree in Computer Science or related field


Bachelor's degree or higher in Computer Science is preferred.

Title: Lead, Application Security Engineer
Alex McChester
Technical Recruiter, Mondo
(310) 905-2410
Los Angeles, CA 90045