Qualifications

• At least 8+ years of experience in software engineering, architecture, and software security
• We’re looking for a seasoned software security architect who understands secure software development and has a strong understanding of DevSecOps architecture
• You understand secure engineering best practices and propose solutions to both technically savvy and non-technical audiences
• You know the software security secure development best practices specific to development languages and frameworks 
• You know the security tooling landscape and have implemented security programs at organizations with complex application architecture
• You have a growth mindset, push yourself toward excellence, and focus on continuous functional improvements
• You have a passion for cyber security demonstrated through participation/leadership in conferences, webinars, Capture the Flag (CTF), TryHackMe, Bug Bounty, Submission of CVEs and/or personal projects
• Strong understanding of past, current, and emerging security exploits
• 5+ years of previous experience with software security initiatives and/or transformations
• Knowledge of OWASP Top 10, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), API Security Testing Tools, Automated Mobile Testing Tools, BSIMM, OpenSAMM and Threat Modeling tools
• At least one security certification (ex CISSP, OSCP, GWEB, CEH, GRTP, GWEB)
• Experience with multiple languages such as Java, Rust, Python, and/or Java Script
• Understand how to detect and prioritize front-end, API’s, Microservices, and Container vulnerabilities
• Familiar with common build/automation tooling: ex Jenkins, GIT

Responsibilities

• Provide subject matter expertise, roadmaps, strategies, and reference architectures for application and product security
• Provide thought leadership in the areas of security tool automation, optimization, application vulnerability management, and strategies for risk reduction
• Create a design of comprehensive architectural patterns for secure development standards for front-end, APIs, and mobile
• Develop and maintain application security policies, standards, and guidelines and ensure their adherence across projects
• Develop a strategy to automate software security vulnerability verification throughout the development process
• Collaborate closely with cross-functional engineers to identify application-based vulnerabilities, design secure application architectures, and guide the integration of security measures into the development process
• Create architecture design for tool integrations and implement tooling within CI/CD pipeline, limit manual testing and troubleshooting
• Lead security engineer and software engineer training related to high-risk security risks
• Evaluate products for security gaps through threat modeling and pen testing

Base pay for this role is expected to be between $164,000 - $215,000USD. This expected base pay range is based on information at the time this post was generated. This role will also be eligible for other forms of compensation such as a performance linked bonus, equity, and a competitive benefits package. Actual compensation for a successful candidate will be determined based on a number of factors such as skillset, experience, and qualifications.