Security Architect

Cathy


SUMMARY OF ROLE

The Application Security Architect provides strategic direction, thought leadership, and technology leadership to create and ensure that architectures – people, process, and technology – are aligned to support the highest security standards and protect the interests of our customers and our business. This involves both strategic and tactical reviews of architectures, products, and projects and developing a security roadmap to continuously improve our security architecture and support the highest security best practices.

ESSENTIAL FUNCTIONS, DUTIES AND RESPONSIBILITIES:


The below statements are intended to describe the general nature and scope of work being performed by this position. This is not a complete listing of all responsibilities, duties and/or skills required; other duties may be assigned.
• Determine security requirements by evaluating business strategies and requirements
• Actively study and research client’s current frameworks and identify potential flaws and actively guide the upgrade/patch processes
• Research information security standards, including OWASP, and ensure all our applications are aligned with them
• Conduct system security and vulnerability analyses and risk assessments as well as incident response analyses and summarise into reports and trends
• Security architecture assessments and code reviews
• Verify security systems by developing and implementing test scripts
• Initiate and co-ordinate penetration testing end to end in all layers
• Identify and promote usage of security scanning tools to automate reviews
• Maintains strong knowledge of emerging and common security vulnerabilities, attack vectors, attack methods, and remediation techniques
• Implements security systems by specifying intrusion detection methodologies and equipment, directing equipment and software installation and calibration, preparing preventive and reactive measures and providing technical support and documentation
• Collaborates with Network Operations staff to develop requirements for LANs, WANs, VPNs, routers, firewalls, PKIs, including use of certification authorities (CAs) and digital signatures to ensure proper security metrics and monitoring are in place and adhere to industry standards
• Defines and prepares security standards as well as policies and procedures and ensures compliance
• Produces artefacts and models to describe the strategy, principles, frameworks and standards
• Monitors and reports on project compliance and alignment to overall strategy
• Enhance the security team competence by planning delivery of solutions, educating product development staff on best practices for security in product and software design, implementation, and testing, as well as mentoring team members
• Collaborates with business partners and product development leadership to develop a strategic security roadmap
• Collaborates and interfaces with all levels of management and staff, including executive team
• Provides expert consultancy in the development of programs of work and capital budget allocation


CORE COMPETENCIES

§ Effectively envision, develop and implement new strategies to address competitive, complex business issues
§ Excellent verbal and written communication skills and strong organisational skills
§ Excellent consulting skills and strong conflict management skills
§ Manage multiple business units in multiple locations
§ Manage multiple conflicting priorities
§ Ability to understand issues domestically and internationally and communicate effectively with clients
§ Be self-directed and motivated
§ Take initiative to identify client needs and make recommendations for implementation
§ Ability to think laterally and constructively question established process


QUALIFICATIONS


• Bachelor’s degree in Computer Science, Software Engineering, Information Systems or a related field AND
• 7 or more years of development, implementation, or maintenance of large-scale systems across multiple hardware and software platforms AND
• 3 or more years of progressively responsible Application Security experience OR
• Equivalent combination of education and experience
• One of the industry certifications such as CISSP, CISA, SCNP, CRISC, CSSLP, CCNA Security, CEH, GPEN, GCIA, GCIH
• Solid understanding of security and network infrastructures
• Previous analytical and troubleshooting experience is required
• Must be well versed in Information Security principles at an expert level
• Familiarity with different types of security vulnerabilities and tools for countermeasures


PREFERRED REQUIREMENTS:

• Broad understanding of overall security landscape in areas of software, infrastructure, and databases and how they interrelate
• Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES])
• Knowledge of the Security Assessment and Authorization (SA&A) process
• Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI])
• Knowledge of network protocols (e.g., Transmission Control Protocol and Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol [DHCP]) and directory services (e.g., Domain Name System [DNS])
• Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs
• Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol and Internet Protocol [TCP/IP], Open System Interconnection model [OSI], Information Technology Infrastructure Library, v3 [ITIL])
• Experience with SOA, REST, SOAP, and web application architecture patterns
• Experience working with web-based applications and J2EE-based technology stacks
• Experience with application frameworks, data persistence technologies such as Oracle PL/SQL and Hibernate, and web UI technologies such as JSF, JSP, JavaScript
• Experience working in an Agile environment



Market Related

Johannesburg

Permanent
 