POSITION TITLE
Application Security Architect
POSITION LOCATION
Richmond, VA
Your role as an Application Security Architect will be to provide leadership regarding security and governance for application development on both physical datacenter and cloud environments. You will be responsible for creating and monitoring adherence to policies and standards for the development and administration of secure software and related technologies and standards. In your role, you will work closely with key IT and business stakeholders as well as third parties, as needed. As an ideal candidate, you will rely on extensive experience with application security and security compliance to enhance and manage the company’s application security program.
What you will be doing
- Ensure the company’s application security policies and standards follow best practices based on National Institute of Standards and Technology (NIST) and other relevant standards and frameworks.
- Translate security and technical policies into actionable requirements.
- Communicate security risks to different audiences ranging from business leaders to application development teams.
- Define, publish, maintain and execute application security governance processes.
- Own day-to-day life cycle management, including identification, threat assessment, threat modeling and risk avoidance.
- Serve as a subject-matter-expert and lead evangelist for Application Security; act as a first point of contact for critical issues, security risk assessments and triaging CI/CD issues with partners and stakeholders.
- Work with architecture, engineering, and application teams to advise on secure design for applications in areas such as data protection, key management, authentication, and authorization and to ensure security.
- “Shift-Left” and work with DevOps teams to create policy as code.
- Participate in working groups with other subject matter experts to define and review security standards and guidelines.
- Research and stay up to date on the latest security threats and trends.
- Analyze threats to application security and design solutions to mitigate those threats.
- Develop and execute projects to enhance application security measures.
- Provide guidance and oversight for the correction of discovered vulnerabilities.
What you bring
- Bachelor's degree in Information Technology, Computer Science, or related degree or equivalent years of experience.
- 7+ years demonstrated cybersecurity experience.
- Strong understanding of cybersecurity risks, technical control implementation, and at least one industry standard cybersecurity frameworks (NIST 800-53, NIST CSF, ISO 27001, etc.).
- In-depth knowledge of application security.
- Expertise in infrastructure, system and application design and implementation using data, web, mobile, cloud, and open-source technologies.
- Expertise with the Software Development Life Cycle (SDLC) process.
- Experience with results interpretations of Dynamic Application Security Testing (DAST) reports.
- Experience with at least one Static Application Security Testing (SAST) tool (e.g., CheckMarx, HP Fortify SCA, Coverity, Veracode, FindBugs, other), its use, reports results interpretation, developer community support in remediating verified code-associated security vulnerabilities.
- Knowledge of potential risks involved in application transitions from on-premises to cloud.
- Capacity to work in a team environment, excellent interpersonal and communication skills.
- Demonstrated project management experience.
- Strong ability to influence decision makers and drive consensus.
Preferred Qualifications:
- Familiarity with big data security solutions
- Leadership Experience
- Knowledge of Open Security Architecture (OSA), The Well Architected Framework, and OWASP Application Security Verification Standard (ASVS)
- Demonstrated ability to act as a thought leader in Cloud security for your existing organization
- Commitment to continuous improvement and innovative approaches
Employee Benefits & Well-Being
Genworth employees make a difference in people’s lives every day. We’re committed to making a difference in our employees’ lives.
- Competitive Compensation & Total Rewards Incentives
- Comprehensive Healthcare Coverage
- Multiple 401(k) Savings Plan Options
- Auto Enrollment in Employer-Directed Retirement Account Feature (100% employer-funded!)
- Generous Paid Time Off – Including 12 Paid Holidays, Volunteer Time Off and Paid Family Leave
- Disability, Life, and Long Term Care Insurance
- Tuition Reimbursement, Student Loan Repayment and Training & Certification Support
- Wellness support including gym membership reimbursement and Employee Assistance Program resources (work/life support, financial & legal management)
- Caregiver and Mental Health Support Services