Cloud and Web Applications Security Architect
Our client is seeking a seasoned and passionate Chief Cloud and Web Applications Security Architect. As a leader, you will partner with the Cloud Architects and Web Marketing Teams to understand the direction for the new innovative cloud services, web services and tools to help our customers, and take Client’s business to the next level.
You will form strong partnerships with the heads of Information Security and Product Security to support an agile environment to provide end-to-end support of Client’s products, services, and tools to grow our business.
You will champion secure coding practices, static testing, and use of world-class security techniques to protect our data, ensure the privacy of customer data, and continue our customers’ trust in Client.
You will work with senior leadership to chart Client’s future strategy including cloud (SaaS, IaaS, and PaaS) platforms, API publication, portal services, and overall web presence. You will coordinate and drive the evaluation, conceptualization, design, and integration of major new capabilities, programs, and policies across the organization. The creation and implementation of security processes throughout the software development and review lifecycle will be imperative. You will proactively search out, take on, and efficiently drive resolution of the toughest technical challenges the business faces. You will conduct research and case studies on leading-edge security architectures and technologies, and partner with leading industry and academic consultants on Client’s future security direction.
Your mission will be to balance the need for web applications to access Client’s Enterprise data to provide a world-class customer experience, while providing a secure-by-design infrastructure that protects Client’s global business. You are expected to consider privacy-by-design, and balance business data needs with customer expectations about data collection and usage (globally).
Your success in this role requires the ability to work effectively at multiple levels, ranging from “in-the-trenches” work with individual engineers and architects, to “whiteboarding” with senior managers, to participating at higher levels with senior executives and customer stakeholders. You will rally multiple stakeholders around a holistic approach to privacy and security across the organization.
Additional responsibilities include:
- Set the cloud and web application security strategy, policies, measurement and programs across the entire Client portfolio.
- Own the cloud and web application security strategic planning and execution. These initiatives and programs will feed directly into Client's enterprise-wide strategic security plan.
- Look ahead at trends in security and privacy that affect Client's business, portfolio and/or customers, and create and implement the appropriate proactive response and changes.
- Partner with the Directors of IT Security and Product Security to effectively leverage Client's resources across all Engineering, Product, and IT functions.
- Spearhead strategic/Continuous Improvement projects:
  - Create and implement secure coding and training practices across the global enterprise
  - Drive a culture and process around automated unit and software testing
  - Methodology, program and staffing for security alerts for all product software including OS, open source modules, etc.
  - Develop a mature, rapid patch response for high CVSS security flaws
- Audit Program:
  - Secure coding training being completed
  - SYSPR – System Security and Privacy Reviews are properly held – action items completed
  - Documentation of security reviews project by project
  - Security improvement commitments made at "Can Ship" follow-through
  - Security improvements follow through in subsequent software releases.
  - Commitments made at "Can Ship" and proper balance of feature releases between features and improving security
  - Audit database of software revisions used in products is current
Client is a leader in the home and building controls market, and one of the first entrants into the connected home/IoT space. The ideal candidate will demonstrate a passion for Cloud and Web Applications Software Security technology trends as well as the rapidly evolving IoT market. The ideal candidate will have more than a decade of experience providing a level of influence in a cross-functional role.
Additional skills include:
- 10+ years of experience in software and security for Cloud and Web Applications and interfacing to Corporate Enterprise Systems.
- Conversant in OWASP Top 10 vulnerabilities, SANS Top 25, CVE, GDPR and CASB
- Experienced in how to train developers in secure programming, catching vulnerabilities, and how to fix them correctly
- Experience and demonstrated ability to lead cross-functional teams
- Mentor and coach software engineers to prepare detailed software/security plans, test plans, and proper reviews to create secure systems.
- The ability to manage and expand relationships and have the range to operate at strategic and tactical levels
- Ability to coach/develop engineers to write attack models, weigh risk to reputation vs. cost and time to implement and develop test tools to continuously test code builds for security vulnerabilities.
- Adapt, change, or modify software and application development activities to respond to new threats with demonstrated techniques for evaluating security threats and determining the impact to commercial and developed applications.
- Demonstrated ability to assess and weigh risk to set priorities
- Drive continuous improvement in security, and champion changes to the organization.
- Experience clearly presenting complex security topics and plans and how they will help the business to senior management to obtain buy-in and funding.
- Passion for security - especially practical security for homeowners, facility managers, and IT leaders.
Job Type: Full-time
- in software and security for Cloud and Web Applications: 10 years (Preferred)