KEY JOB RESPONSIBILITIES (ESSENTIAL POSITION FUNCTIONS):
As part of ServiceMaster Information Security, the Application Security Architect enables our software development and business teams to achieve their objectives with informed decisions that balance risk with business opportunity. The candidate must provide actionable security strategies, architectures and solutions. ServiceMaster is seeking a talented information security professional who will make significant contributions to the application security domain.
The successful candidate will:
Take strategic ownership of the application security architecture domain
Collaborate with security and technical domain experts, internal customers and key external partners on application security related initiatives, projects, and new technology development to identify risks, define and drive strategies, and recommend mitigating controls.
Enable improved business product delivery velocity through improving information security alignment within all our development programs, reducing security incidents/rework, driving automation and integrated security processes.
5+ years of information technology systems design and planning experience in systems, applications, or architecture
3+ years of information security experience
3+ years of secure SDLC (System Development Life Cycle) methodologies experience
1+ year of design pattern experience
Experience influencing management on technical or business solutions
Experience with a wide application of technical principles, practices, and procedures to multiple applications or a component family
Excellent verbal, written, and interpersonal communication skills
Ability to interact with all levels of an organization
Ability to influence and build relationships with LOB stakeholders, technology CIO leadership, external service providers, and architecture teams
Knowledge and understanding of threat analysis and assessment of potential and current information security risk/threats
Web application security vulnerability detection and mitigation experience
Knowledge and understanding of application or software security such as: static and dynamic code scanning, web application penetration testing, secure code review, secure static code analysis
Knowledge and understanding of monitoring the development of security vulnerabilities, threats, exposures, associated risk, and mitigating solutions
Knowledge and understanding of cryptography and key management
Knowledge and understanding of web services, SOA (Service-Oriented Architecture), microservices, and API-based architectures
Experience in Agile Development, DevOps methodologies and patterns.
Knowledge and understanding of diverse platforms and operating systems, including current and emerging technologies
Experience delivering sound security strategy to web applications
Other Desired Qualifications
Experience in developing/deploying mobile applications (iOS, Android, Chromium)
Single-Page Applications and frameworks (AngularJS, NodeJS, etc.)
Familiarity with securing database platforms such as Oracle, SQL Server, DB2, and nonrelational databases (MongoDB, Hadoop, etc.)
Familiarity with cloud and virtualization technologies, including containerization and serverless deployments.
Familiarity with software development/deployment methodologies including agile, Continuous Integration/Continuous Deployment (CI/CD), DevOps, and secDevOps
Familiarity with OWASP, NIST, ISO, PCI DSS, CLASP, CVE, WASC
Security certifications such as CISSP, CSSLP, ISSAP, ISSMP, GWEB, GSEC, GPEN