Application Security Architect - Atlanta, United States - Minority Professional Network [ mpnDiversityJobs | mpnDiversityRecruiters ]

Description

Our Fortune 500 Company client is seeking to DIRECTLY HIRE a talented Application Security Architect.

CANDIDATE SUBMISSION REQUIREMENTS: (Please read carefully before applying)

In order to receive consideration for an interview referral submission to our client's Hiring Manager for this role, each candidate must be reasonably qualified and comply with the following requirements:

1) Our client doesn't provide any sponsorships, so you must PRESENTLY be permanently authorized to work in the U.S. WITHOUT requiring any current or future sponsorship (i.e., U.S. citizen or permanent resident cardholder).

2) This is a Hybrid role with expectations to come to the office 20%. You must be within commutable distance to either Atlanta, GA or Birmingham, AL.

3) You must apply with both your current resume AND also your full responses to the Hiring Manager's Screening Questions shown BELOW.

• Your resume must clearly show your personal email address and direct phone number.
• You must fully and accurately respond to ALL of the screening questions.
• Your resume and your responses to the screening questions should preferably be included in a SINGLE (Word or PDF) document, if possible.
• Send the requested information to MPN Diversity Recruiters by either clicking on the APPLY button or via email to

JOB SUMMARY:

Our Fortune 500 Company client is seeking an experienced security architect and technical leader, to design creative solutions and reduce risk. The candidate will directly support the company's efforts to mitigate real and potential cyber threats to the company's facilities, personnel, technology, operations, and brand – including critical electric and gas utility infrastructure and its privately owned telecommunications network. In this role, the potential for individual impact is substantial and has high visibility within the corporate leadership and governance.

This role will have responsibility for setting the strategic direction for the Enterprise Security Architecture teams in the areas of Application and Cloud Security and then execute projects against the strategic roadmap. This position is primarily focused on Application and Code Security but does touch other security domains as well. Interested applicants should be well rounded in their understanding and application of different security and technology platforms; in areas such as identity, networking, endpoint, data, monitoring, cloud, and/or application security. Qualified candidates need to be able to align strategy and execution to increase cybersecurity maturity, anticipate future requirements for complex traditional, hybrid, and multi-cloud environments, drive initiatives via influence and relationships into business processes, keep up with current security trends, be focused on results, and be a self-starter.

This position is responsible for ensuring the confidentiality, integrity, and availability of the company's information assets. This will be accomplished by:

• Establishing and implementing an information security framework and technical architecture.
• Designing, developing, and implementing information security products.
• Providing information security expertise and consulting.

While Fortune 500 Company is headquartered in Atlanta, we bring energy to homes and businesses across the country. We've made our name as a leading producer of clean, safe, reliable, and affordable energy, and we approach each day as a vital step in building the future of energy. We're always looking ahead, and our innovations in the industry—from new nuclear to deployment of electric transportation and renewables —help brighten the lives and businesses of millions of customers nationwide. Our team is critical to building the future of energy with secure, resilient, and sustainable cyber solutions.

Job Responsibilities:

• Align forward thinking strategy with business goals to integrate and raise the bar on security practices and solutions.
• Assist in the ongoing development of Fortune 500 Company's security architecture – identify areas of opportunity, research alternatives and recommend solutions.
• Develop creative solutions to meet business needs while ensuring appropriate security controls and best practices are implemented.
• Partner with others to identify and resolve information security issues.
• Plan, coordinate, and lead information security projects.
• Help customers understand and apply information security concepts, processes, and technologies.
• Maintain current knowledge of information security concepts, technologies, and practices.
• Mentor others to strengthen cybersecurity principles and best practices to outside operational areas.
• Establish and maintain excellent working relationships and partnerships across the Technology Organization functions, business partners, and external vendors and suppliers.
• Create an environment that fosters accountability, innovation, and engagement at all levels.
• Streamline the software development lifecycle to reduce application vulnerabilities, improve developer productivity, and code quality.

Education/Experience:

• Experience with software development and programing, code reviews, and application vulnerability remediation.
• Experience with network infrastructure, modern operating systems, database applications, web applications and other computing technologies
• Hands-on experience designing, architecting, and implementing various information security tools/products such as PKI, Static or Dynamic Code Analysis, Next-Generation Firewalls, HSM's, SIEM, Multi-Factor Authentication, IPS, NetFlow Monitoring, Full Packet Capture, Database Encryption, Privileged Identity Management, Cloud Posture Management, etc.
• Ability to lead a project from concept through implementation and anticipate potential problems.
• Comprehensive knowledge and understanding of information security concepts and best practices (NIST, COBIT, ISO, PCI, OWASP, etc)
• Ability to perform detailed information security risk assessments and recommend mitigating controls.
• Experience promoting security as a business enablement function through the use of documentation, metrics, and strong verbal communication.
• Industry certification preferred (CISSP, CCSP, CISA, GIAC, etc.)

Requirements and qualifications:

Minimum

• Experience with software development and programing, code reviews, and application vulnerability remediation.
• Strong technical knowledge of application development practices, CI/CD pipelines, various cloud platforms including Azure, AWS, or GCP, modern operating systems, networking protocols and designs, and identity management.
• Experience with development platforms and CI/CD tools, such as TFS/ADO/Git or Jenkins.
• Proficiency in one or more coding languages, such as C#, Python, Java, or Java Script
• Experience promoting security as a business enablement function using influence, metrics, documentation, strong verbal communication, and presentation skills.
• At least 5 years of work experience playing a key role in building technical programs.
• Ability to lead a project from concept through implementation and anticipate potential problems.
• Experience prioritizing and executing with minimal direction or oversight.
• Must pass NERC CIP & Insider Threat Protection background checks.

Preferred Qualifications

• Development or Programming background.
• Azure, AWS, and GCP certifications preferred.
• Competency in APIs (Rest, Graph) and/or JavaScript/JSON/Kubernetes/SQL.
• Industry certifications such as: CISSP, CCSP, CISA, GIAC, OSCP, CRISC, CCNP, etc.
• Experience with information security frameworks such as: COBIT, NIST, OWASP, etc.
• Familiarity with nation state, sophisticated criminal, and supply chain threats.
• Up-to-date knowledge of current hacking techniques, vulnerability disclosures, and data breach incidents.
• Working knowledge of cloud and traditional security network architectures.
• Experience with cybersecurity analysis and analytic tradecraft.

__________________________________________________________________

PRE-SUBMISSION SCREENING QUESTIONS (Responses Required for Interview Consideration):

Please answer ALL of the questions BELOW as accurately as possible. If you're determined to be reasonably qualified, you will be submitted to our client for a potential interview and direct hiring consideration for this great opportunity.

1) How would you describe your technology background?

2) Describe your experience partnering with teams outside of security to reduce a company's risk posture.

3) What's the goal of information security within an organization?

4) How would you measure how well a security team is doing?

5) What do you think are some of the most important technology trends right now?

6) What will be the biggest challenge faced by cybersecurity professionals in the next year?

7) Describe your previous experience securing applications via code, both on prem and in the cloud.

8) We provide a competitive compensation package to include a base salary, incentive pay (bonus), and comprehensive benefits which include a pension plan and matching 401(k) plan. Specifically, what are your base salary requirements? (Do not state negotiable or N/A; if need be, list a range)

9) Are you permanently authorized to work in the U.S. WITHOUT requiring any current or future sponsorship (e.g., U.S. citizen, permanent resident)? Please reply with one of the following options:

(a) I am a U.S. citizen, or

(b) I am a permanent resident card (i.e., green card) holder, or

(c) None of the above.

__________________________________________________________________

If you're not able to edit your resume (i.e., because it's a PDF) to add the HMSQ responses, please send your resume and the responses to the screening questions (in a separate document or message) and we will merge them for you.

Call if you have any questions.

Bachelor's Degree

$120K - $140K (DOE) plus 25% Bonus