Application Security Architect (Hybrid)

Piper Companies is seeking an Application Security Architect to join a financial services organization based in Richmond, VA. The Application Security Architect will provide leadership regarding security and governance for application development. This position will be hybrid in Richmond, VA!

Responsibilities of the Application Security Architect include:

• Ensure the company’s application security policies and standards follow best practices based on National Institute of Standards and Technology (NIST) and other relevant standards and frameworks.
• Translate security and technical policies into actionable requirements.
• Communicate security risks to different audiences, ranging from business leaders to application development teams.
• Define, publish, maintain, and execute application security governance processes.
• Own day-to-day life cycle management, including identification, threat assessment, threat modeling, and risk avoidance.
• Serve as a subject-matter-expert and lead evangelist for Application Security; act as a first point of contact for critical issues, security risk assessments, and triaging CI/CD issues with partners and stakeholders.
• Work with architecture, engineering, and application teams to advise on secure design for applications in areas such as data protection, key management, authentication, and authorization.
• "Shift-Left" and work with DevOps teams to create policy as code.
• Participate in working groups with other subject matter experts to define and review security standards and guidelines.
• Research and stay up to date on the latest security threats and trends.
• Analyze threats to application security and design solutions to mitigate those threats.
• Develop and execute projects to enhance application security measures.
• Provide guidance and oversight for the correction of discovered vulnerabilities.

Qualifications for the Application Security Architect include:                                                                        

• 7+ years demonstrated cybersecurity experience.
• Strong understanding of cybersecurity risks, technical control implementation, and at least one industry standard cybersecurity frameworks (NIST 800-53, NIST CSF, ISO 27001, etc.).
• In-depth knowledge of application security.
• Expertise in infrastructure, system, and application design and implementation using data, web, mobile, cloud, and open-source technologies.
• Expertise with the Software Development Life Cycle (SDLC) process.
• Experience with results interpretations of Dynamic Application Security Testing (DAST) reports.
• Experience with at least one Static Application Security Testing (SAST) tool (e.g., CheckMarx, HP Fortify SCA, Coverity, Veracode, FindBugs, other), its use, reports results interpretation, developer community support in remediating verified code-associated security vulnerabilities.
• Knowledge of potential risks involved in application transitions from on-premises to cloud
• Bachelor's degree in Information Technology, Computer Science, or related degree or equivalent years of experience.

Compensation for the Application Security Architect includes:

• Salary: $155,000 – $165,000
• Full benefits: Healthcare, Dental, Vision, 401k, Flexible work schedule

Keywords: #LI-MM1 #LI-HYBRID

Application Security Architect, Richmond VA, Cybersecurity, NIST Standards, Security Governance, Application Development, Cloud Environments, Policy Creation, Risk Management, Threat Assessment, Security Compliance, SDLC, DAST, SAST, Vulnerability Management, Secure Design, DevOps, Policy as Code, Security Frameworks, ISO 27001, NIST 800-53, OWASP ASVS, Open Security Architecture, Big Data Security, Cloud Security, Thought Leadership, Continuous Improvement, Innovative Approaches, Project Management, Interpersonal Skills, Leadership Experience, Technical Control Implementation, Cybersecurity Risks