This position is for a IT Security Architect with extensive experience with Devops, Cloud, Application Security and OWASP.

This is a senior position and we are looking for someone with 10+ years of experience required.

Required skills:

• Strong Application Security lead with exposure to static analysis, dynamic analysis, threat modeling, and DevSecOps
• Should have run application security programs dealing with hundreds to thousands of applications for an enterprise
• Strong cloud security knowledge with exposure to AWS/Azure/GCP and exposure to AWS KMS, Trusted Advisor, Vault
• Exposure to BDD Security, reliability engineering would be a plus.
• Extensive experience dealing with IBM AppScan, WebInspect, Fortify SCA, Fortify App Defender, Checkmarx, ZAP, OWASP App Sec projects

Desired skills

• Auto provisioning experience using one or more of Ansible/Chef/Puppet/Vagrant/Terraform
• Knowledge of Container Security using Aqua/Twistlock/Dagda/Docker bench would be a plus
• Heavy on DevOps (talking about CI/CD stacks, for example)
• Cloud-based (AWS / Azure)
• Application Security (AST, DAST, IAST)
• Understand the SDLC and “Shift Left” models
• OWASP / SANS GIAC
• Heavy background in tools
  • HP Fortify / WebTrends / OneTrust (maybe)
  • Tufin / Veracode / CAST / NowSecure / Black Duck / Brakeman
  • OWASP-ZAP / GauntIT / Nessus / NMap / BDD / GitHound
• CISSP/CCSP preferred