Architect, Application Security
Automation Anywhere is a global leader in Robotic Process Automation (RPA), empowering customers to automate business processes with intelligent software bots – AI-powered, digital workers that perform repetitive and manual tasks, resulting in dramatic productivity gains, optimized customer experience, and more engaged employees. The company offers the world's only cloud-native, web-based intelligent automation platform combining RPA, artificial intelligence, machine learning and analytics. Automation Anywhere has deployed nearly 3 million bots to support some of the world's largest enterprises across all industries in more than 90 countries. For more information about our portfolio, please visit us at www.automationanywhere.com.
We have an exciting opportunity for an experienced Application Security Architect with hands-on experience in software composition analysis (with the BlackDuck tool), code review, architecture design review and vulnerability analysis to help improve the security of our software offerings and continue to shape the foundation and maturity of our application security program.
The Application Security Architect works closely with development, product management, customer service and other teams across the organization to integrate security into the product development lifecycle from design through deployment. Reporting to the Director of Cloud Security, this person will be a subject matter expert in defining security requirements and release criteria, performing application security assessments, providing developers with remediation guidance and triage advice, and monitoring product security metrics to track program improvements.
Triage, together with developers, the vulnerabilities coming from different sources (source code, third-party libraries, hosted applications, containers).
Responsible for performing manual scans on different platforms and reporting the vulnerabilities to developers/engineers.
Integrate security tools into the CI/CD pipeline.
Partner with engineering and product teams to continuously develop, maintain and mature the Secure Development Lifecycle program at Automation Anywhere
Work with product management and development leads to design optimal security practices when developing new application functionality
Conduct application security architecture reviews on new and existing applications and offer plans for remediation
Work with development and QA teams to ensure the use of secure coding practices and verification methods
Conduct manual and automated application security testing, source code auditing and penetration testing for a variety of technologies and code-types
Act as a Subject Matter Expert in the discovery and investigation of critical security vulnerabilities, providing detailed risk and remediation guidelines
Work with customer success and field teams to help answer security RFP and vulnerability risk questions with regards to product security
Create metrics to demonstrate the effectiveness of our application security program and advise management on continuous program improvements
What We’re Looking For
7 years of strong background in application security engineering, software development and architecture in a cloud production environment
Experience in threat modeling, static and dynamic application security testing, open-source security testing, developer security training/workshops, etc. with an expert level understanding of application security threats, attack techniques, and mitigation.
Demonstrated track record of driving improvements to a company’s engineering and development life cycle security posture, experience in integrating application security into the SDLC, remediating vulnerabilities, developing and providing security training
Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security
Ability to triage, reproduce, and communicate recommendations for vulnerabilities
Experience with cloud service providers and their offerings (AWS or GCP preferred)
Experience with at least one of the following languages: Java, JS, .NET, Node.js (good to have)
All unsolicited resumes submitted to any @automationanywhere.com email address, whether submitted by an individual or by an agency, will not be eligible for an agency fee.