Senior Application Security Architect - Remote or Hybrid
Nice to meet you!
We’re a leader in data and AI. Through our software and services, we inspire customers around the world to transform data into intelligence - and questions into answers.
We’re also a debt-free multi-billion-dollar organization on our path to IPO-readiness. If you're looking for a dynamic, fulfilling career coupled with flexibility and world-class employee experience, you'll find it here.
About the job
The Product Security team in our R&D division is looking for a Senior Application Security Architect to contribute to software security design efforts across all of Research and Development. Successful candidates will solve complex technical problems, work closely with engineering teams, and communicate clearly and effectively with technical audiences. This position requires a diverse set of skills in application security, software development, and systems architecture. Your success will depend on your cooperative skills in working with R&D architecture and engineering teams across SAS.
As a Senior Application Security Architect, you will:
Work with development teams in building secure products and secure assessments of products in our pipelines.
Review application architecture, identify security gaps, and help improve the security posture of business-critical multi-tier applications in legacy, hybrid cloud, and public cloud environments with refactoring and promotions between the environments.
Perform periodic secure design and coding assessments to diagnose, triage, and propose remediations for vulnerabilities and weaknesses in code and applications, considering code, design, and deployment.
Work with Product Management to ensure changes are consistent with business objectives and customer requirements.
Plan evolutionary paths for secure SAS software architectures, incorporating dependent third-party architectural changes and new technology adoption.
Identify, train, and partner with champions for security in engineering and product teams.
Support security champions by helping them assess risk, learn to identify architectural gaps, and similar activities.
Create secure engineering documentation, guidance, and similar collateral.
Coach and train teams in topics related to security architecture, threat modeling, and secure coding.
Mentor other security architects on the team.
Collaborate with other teams within security to identify new tools and processes to integrate into the secure software development lifecycle.
Recommend and promote software security policies, standards, and procedures that influence the global security posture of the company.
Ensure all applicable security policies and processes are followed to support the organization’s secure software development goals.
Required Qualifications
8 years of secure software development, secure system architecture and design, or related experience.
4+ years of experience in developing or adopting software security best practices.
Bachelor's degree with major study in Data Communications, Electrical Engineering, or Computer Science. SANS, GIAC, or ISACA certification, CEH, CCSP, CSSLP, CISM, or CISSP certification.
Knowledge of current Global Enterprise security risks.
2+ years of recent or current software development experience in order to review code and be comfortable in guiding developers towards security practices.
Experience with one or more of the following programming languages: Python, Java, JavaScript, C/C++, PHP, SQL, Golang.
Expertise in securing enterprise web applications and familiarity with OWASP Top 10, CVSS, CWE and SANS-25.
An equivalent combination of related education, training and experience may be considered in place of the above qualifications.
You’re curious, passionate, authentic and accountable. These are our values and influence everything we do.
Preferred Qualifications
Experience with Azure (preferred), AWS, GCP, Oracle, or IBM.
Experience with Software Security tools, such as: Veracode, Snyk, Black Duck, Metasploit, Checkmarx, SonarQube.
Experience with Web Application Security Tools, such as: ZAP, Wfuzz, Grabber, Burp, Vega, W3af.
Knowledge of and experience with auditing, implementing, and supporting DevSecOps.
SAS is the founder and future of analytics. It all began when curious minds set out to answer some big questions. Is there a better way to analyze data? How can we turn data into intelligence? Who might benefit from our technology? Lines of code were the key to something extraordinary. Now SAS has customers around the world. We analyze billions of rows of data every second that change the way we work and live. Through innovative AI and analytics, SAS provides knowledge in the moments that matter.