APPLICATION SECURITY ARCHITECT
Our client is the largest provider of healthcare benefits software in the United States. The company’s solutions reduce costs, expand market share, ensure compliance, and improve customer satisfaction. Their solutions are sold to Employers and Health Plans. On behalf of our client, we are looking for an APPLICATION SECURITY ARCHITECT. The position is located in Charleston, South Carolina, and offers a competitive salary and a comprehensive package of benefits. The company will pay for relocation to Charleston.
As the Application Security Architect you will provide vision and leadership for application security as it supports our business. You will work closely with the engineering organization to create innovative security solutions for our systems and educate our engineering team on secure application development. Additionally, you will play a key role as you provide both strategic and tactical security leadership and develop technology solutions which promote securing customer data, including examining new and existing technologies. Responsibilities include identifying and understanding the networks, infrastructure, software, middleware and development practices that make them successful in order to identify the security issues that can put our data at risk, and then building solutions and mitigations to help resolve those risks.
Responsibilities include:
- Guide the security of applications by participating in design reviews, SDLC, and in-depth security penetration testing of our code and systems.
- Provide input on application design, secure coding practices, log forensics, log design and code security.
- The ideal candidate will have in-depth experience protecting against web services security vulnerabilities including cross-site scripting, SQL injection, DoS attacks, business logic, Java, .NET and APIs.
- Maintain an ongoing process of evaluation and testing for compliance with established security design standards.
- Ensure security testing measures are integrated into the quality assurance program.
- Lead the effort to provide on-going training and awareness regarding application security to development, quality, and architecture teams.
- Act as a technical resource and communicate security vulnerabilities while also providing recommendations to address or mitigate associated risk.
- Represent security interests on project teams by ensuring security standards and requirements are defined as part of the deliverables.
- Participate in security testing and application assessments.
- Develop and implement information security policies and procedures.
- Provide planning and review of system and network designs to ensure compliance with company security policies and security best practices.
- Define application hardening; assist in the audit of security configurations for compliance and implement solutions to prevent identified variances from re-occurring.
- Evaluate new products, methods, and technologies to protect against existing and emerging security threats.
- Provide configuration tuning, troubleshooting services and incident response for security infrastructure where needed.
- Work with sensitive, confidential and/or proprietary information while maintaining the highest level of confidentiality, professionalism, and ethics.
- Identify and resolve complex issues and develop innovative solutions to achieve both business and technology goals while maintaining appropriate security.
Basic Qualifications
- Bachelor's degree.
- 5+ years of broad work experience including administration, engineering and security.
- 3+ years of experience in application security design.
- Ensure security standards are built into the SDLC.
- Strong understanding of OWASP Top Ten and WASC Threat Classifications.
- Extensive programming and application development experience in multiple languages such as Java, .NET, and scripting languages.
- Experience with Application Security testing tools and methodologies.
- Knowledge of security and privacy requirements such as PCI, SOX, SAS-70, HIPAA, and Privacy regulations.
- Must be willing to relocate to Charleston, SC.
- Applicants must submit a writing sample.
Additional Qualifications
- Ability to work on multiple projects simultaneously and balance conflicting demands
- Strong sense of professionalism, integrity and ethics
- Ability to combine technical skills with an understanding of business needs to successfully protect assets
- Excellent communication, presentation, and leadership skills
- Ability to demonstrate strategic thinking
- Extensive problem solving and analytical skills
- Proven ability to communicate effectively, both verbally and in writing, to technical and non-technical audiences
- A post-secondary education is strongly preferred, graduate work a plus
- CISSP, SANS GIAC, Security+, MCSE or equivalent certifications a plus
- Familiarity with multi-platform environments and their operational/security considerations.
Candidates meeting the above-mentioned qualifications may email their resumes as an attachment in MS Word to Amy Watts, Executive Recruiter, at amyw@mspsearch.com or may call 216-751-0984 for additional information.