Application Security Architect
Imperva is looking to hire an Application Security Architect.
The role is a critical part of our Engineering Security team and of the entire DevSecOps program. The Application Security Architect will work very closely with the leading architects, product, and engineering teams to provide continuous support in secure product architecture and design, lead Imperva’s product security activities, make risk mitigation recommendations, and suggest and review solutions. This is a key position in the process of building the security culture in the product development organization.
- Conduct security design reviews and threat modelling for existing and new software products and features developed internally, as well as for different 3rd-party and open source technologies.
- Provide vulnerability remediation guidance and mentoring to product development software engineers.
- Drive security solution design for the security architecture framework (e.g., credential management, access provisioning, authentication and authorization, data security, network security, application security, infrastructure security, security monitoring, and operations security)
- Define and evangelize application security best practices.
- Deliver system security architecture diagrams and security architecture specification per security architecture standards.
- Design applications, integrations, and automation to improve security operations and governance.
- Support deployment of automated security tools throughout the development lifecycle.
- Maintain an active understanding of industry practices for secure software development and incident response.
- Work with different entities in the enterprise to ensure compliance with corporate rules.
- Take an active part in the company architectural forums and provide the security perspective in new initiatives and projects.
- Explore relevant regional or information-related regulations and their relevance to the product line.
- Research new technologies, architectural trends and security practices.
- Train and mentor peers, Dev and DevOps engineers.
Education and Experience:
- Sc in Computer Science, Software Engineering or Electrical Engineering with related specialization.
- Minimum of 3 years of related work experience: either intensive software architecture work in a security context or vast application security experience.
- Relevant courses and certifications
Knowledge and Skills
- Understanding of Software Security Architecture and Design, SDLC and the ability to clearly articulate best practices for application security
- Vast experience in running threat modelling for complex systems.
- Experience with the OWASP Top 10 and SANS 25, including how to identify and remediate them
- Ability to define problems, collect data, establish facts and draw valid conclusions and solutions
- Technical knowledge of access control mechanisms, intrusion detection and prevention, encryption, digital certificates and trust-based authentication
- Experience in securing Linux-based OS, containers and K8S.
- Experience in working with software development groups and development executives.
- Strong analytical and research skills
- Advanced interpersonal skills, including conflict resolution and virtual team management
- Advanced communication skills (e.g. written, verbal, presentation) tailored to a wide variety of audiences; mastery of English and the local language
- Advanced multi-tasking and prioritization skills
- Experience with public cloud environments and technologies, including Amazon Web Services (AWS) or other
- Experience in DevOps environments and automating security controls into the CI/CD process
- Vast information security knowledge in different areas:
  - Implementation of application security controls.
  - Operating Systems security
- Solid understanding of Information Security including understanding of IT Security frameworks, policies, standards and technologies – ISO27001/SOX/PCI/SOC2 etc.