Company: Verizon Location: Ashburn, VA Employment Type: Full Time Date Posted: 01/11/2021 Expire Date: 03/31/2021 Job Categories:
Accounting/Auditing, Architectural Services, Arts, Entertainment, and Media, Computers, Software, Construction, Mining and Trades, Information Technology, Internet/E-Commerce, Law Enforcement, and Security, Quality Control, Research & Development, Web Technology
Application Security Architect
When you join Verizon
Verizon is a leading provider of technology, communications, information and entertainment products, transforming the way we connect across the globe. We’re a diverse network of people driven by our ambition and united in our shared purpose to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.
Diversity and Inclusion at Verizon
At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.
What you’ll be doing...
The Verizon Corporate Information Security (CIS) organization securely enables the business by protecting assets and information across Verizon networks, infrastructure and applications. CIS integrates cybersecurity governance, policies, technologies and operations across Verizon, and works to incorporate security into the design of technology systems and services..
The Information Security Architecture team focuses on the design and implementation of security reference architecture across the Verizon enterprise. We partner with the IT and business teams to generate new security standards, controls, and processes to protect Verizon systems and data. We heavily focus on new and emerging cloud technology as well as advising our internal customers on implementation of new security controls and products that align with industry best practices. We are looking for an experienced Application Security Architect to join our team.
Contribute to the development of security architecture and design, for a wide range of hardware/ software products and services, built for Verizon business and consumer markets.
Contribute to the definition of secure-SDLC (system development lifecycle) and product security maturity model, to adopt a shift-left approach to security.
Develop security controls and processes for products developed and deployed in cloud, container, and big data environments.
Develop in-depth security architecture, design and coding standards across infrastructure, application and data security, to drive a standardized set of security requirements, and align with internal policies to meet external compliance/regulatory requirements.
Perform threat modeling, conduct reviews of security architecture and platform/service designs, and audit source code and API configurations.
Drive open innovation in product security best practices through industry collaboration.
Provide application and infrastructure security related coaching and mentoring to elevate security expertise of development teams.
What we’re looking for...
You'll need to have:
Bachelor’s degree or four or more years of work experience.
Four or more years of relevant work experience.
Experience in development and application security.
Even better if you have:
Experience in managing and securing big data platforms such as Big Query and Hadoop.
Experience in managing and securing container platforms such as docker and Kubernetes.
In-depth knowledge of application security concepts, best practices and methods
Understanding of security by design principles and architecture level security concepts.
Experience securing cloud infrastructure and cloud applications.
Experience coding in Java, Python, or Go, and at least one scripting language.
Knowledge of developer tools and environments, project management and bug tracking systems.
Experience with various application security tools including SAST, SCA, DAST, Penetration testing, Fuzzing etc.
Knowledge of web, mobile, API, Microservices, network and security architectures and design patterns.
Knowledge of AWS, Azure, GCP and OCI native security tools.
Knowledge of security best practices, principles, and common security frameworks, such as NIST, ISO, Common Criteria, TCSEC, OWASP, etc.
Experience with data architecture, modeling and integration.
Knowledge of current and emerging security technologies, threats and techniques for exploiting security vulnerabilities.
Experience with methodologies and tools, for threat analysis of complex systems, such as threat modeling and software fuzzing.
Experience building secure software based on frameworks such as OWASP, CWE, SANS, OpenSAMM, BSIMM.
Experience in implementing and integrating security tools into CI/CD.
Experience with process improvement, automation release management, and system development life cycle (Waterfall and Agile).
Security certifications: CISSP, CISM, CRISC, GSEC or willingness to obtain within 12 months of hire.
Communication, presentation and analytical skills along with the ability to thrive in a dynamic environment and handle multiple priorities.
Willingness to travel.
Equal Employment Opportunity
We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. Different makes us better.