Software Security Architect




Title: Software Security Architect

Job Type: Permanent

Primary Location: Jersey City, New Jersey

The Challenge:

Vignetic is looking for a Software Security Architect to join the CISO group. The individual will be responsible for program management of the application security program, including setting strategy and leading adoption of a secure software development lifecycle (S-SDLC) program across the company and its agencies. Preference is given to candidates with a background in software development and a strong understanding of the software development lifecycle. The ideal candidate is a good communicator, persuasive, analytical, understands risk and is knowledgeable in application development. This is a position where the right candidate can build a world-class software security organization.

Role & Responsibilities:

  • Lead software security program strategy based on business needs.
  • Evangelize the adoption of secure software development lifecycle methodology across the enterprise.
  • Manage implementation and adoption of centralized application security services.
  • Lead the assessment, metrics, and reporting of software security risk across the company's application portfolio.
  • Chair the global software security working group.
  • Act as primary point of contact for software security questions and mentoring for security champions.
  • Engage with third-party vendors to deliver software security tools and services.
  • Strong knowledge of, or the ability and interest to learn, common software risks (such as the OWASP Top 10).
  • Familiarity with threat modeling, software composition analysis, and vulnerability disclosure programs.

Essential Skills & Qualifications:

  • Bachelor of Science in Computer Information Systems, Computer Science, Information Systems Management, related field, or equivalent work experience
  • 6+ years of combined hands-on experience in software development, application engineering, and hosted applications.
  • Information Security certification or equivalent desired
  • Knowledge of NIST-800 and Cloud Information Security (CIS). Strong understanding of development methodologies, particularly Agile and DevOps
  • Familiarity with static and dynamic application security, penetration testing and vulnerability assessment tools, such as Veracode, Checkmarx, Burp Suite and WPscan
  • Familiarity with API standards and implementation (OAuth, JWT, JWYKey, public key encryption, OpenID)
  • Experience working with development technologies such as Microsoft .NET (C#), ASP.NET/MVC, WCF/Web API/REST, JavaScript frameworks, HTML+CSS3+JavaScript
  • Able to explain impact of vulnerabilities and mitigating strategies to application development teams
  • Good oral and written communication skills



