Scope

- Work as the Architect to design, implement and govern the overall security architecture of products.
- Manage security considerations for both cloud-native applications and the transition of SaaS on-prem applications to cloud environments.
- Align the secure development lifecycle to industry standards, including Microsoft SDL, OWASP development guides, and related topics (Secure-by-design).
- Integrate/enable security engineering automation (e.g. SAST, IAST) in the delivery pipeline.
- Perform proof-of-concept and proof-of-technology testing for integrating new 3rd party security products into the development and deployment processes.

What You'll Do

- Lead, design, maintain, and implement the Phenom Secure Architecture Software Development program to support the best cybersecurity development practice and ensure it is highly secure, resilient, and aligned with business and product development strategy.
- Identify appropriate cybersecurity controls and provide guidance to Senior Engineering and Product Management on defining and prioritizing their development on the platform.
- Participate in architecture design reviews with senior engineering and product management staff to guide and implement effective threat modeling and security standards into product design.
- Evaluate application security tools to improve our detection and prevention capabilities.
- Research, identify, analyze, and triage vulnerabilities that could affect the Platform and its supporting infrastructure, and determine their severity, exploitability, and corrective action recommendations, summarizing and reporting results.
- Collaborate with engineering/development teams to evolve software assurance processes to address security risks and help teams learn and adopt shift-security-to-left practices.
- Drive continuous improvement activities to define, measure, visualize and improve key cyber security metrics.

What We Are Looking For

- Bachelor's degree or higher in a related field
- 10 years of hands-on technical expertise in Application Security Architecture, automation, integration, and deployment.
- Experience with Cloud environments, security controls, and corresponding cybersecurity challenges.
- Experience implementing, managing, and supporting a vulnerability management program (process and technology) in Agile environments.
- Coding experience in scripting/programming languages (such as Java, Python, Ruby, Terraform etc.)
- Experience and knowledge of implementing a DevSecOps ecosystem and a sound understanding of Dynamic and Static Application Security Testing (DAST/SAST) and infrastructure automation/development utilizing APIs.
- Experience working with threat modeling (e.g., STRIDE, PASTA, FAIR, Security Cards) and vulnerability frameworks/standards (e.g., OWASP, CVSS, CWE)
- Understanding of global frameworks and standards like NIST, ISO 27001/27002/27017/27018, GDPR, etc.

Our Values

If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success – and the success of our customers. Does your heart beat like ours? Find out here: Core Values

Diversity, Inclusion, Value & Equality (DIVE) is our strategy for fostering an inclusive environment we can be proud of. Check out Blue Yonder's inaugural Diversity Report which outlines our commitment to change, and our video celebrating the differences in all of us in the words of some of our associates from around the world.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.