LanceSoft

Application Security Architect


Pay: $50.00 - $55.00 / hour
Location: Pittsburgh, Pennsylvania
Employment type: Other

  • Job Description

      Req#: 25-229571
      Job Description:
      The Architect is responsible for day-to-day operations of an individual tactical application security unit, with team members reporting directly to this role. Responsibilities also include oversight of activities, artifacts, and product utilization. This person will be the main interface with stakeholders within the individual tactical unit and will be key in implementing the Application Security program, standards, processes, and procedures within that unit.
      This individual is also responsible for collaborating on scorecards and metrics related to the performance of their tactical unit and for ensuring the integrity of application security controls within the software development lifecycle. Oversight responsibilities include all application security operations and providing guidance and direction on application security controls within the specific unit. Additionally, this resource will provide requirements consultation and be responsible for reviewing and approving all requirement, design, and standards proposals.
      The Application Security Architect is also responsible for collaborating with peer Architects for the normalization of the Application Security program across the enterprise.
      Planning and providing Application Security training for the assigned tactical unit as well as the enterprise is an additional responsibility.

      • BS or MS in Computer Science
      • Management and Application Security Penetration Testing
      • Full understanding of Microsoft Office Products, Windows, Unix, and Linux
      • Certified Information Security Professional (CISSP) required
      • Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP)
      • Experience with at least one of the following tools required:
          o Fortify
          o WebInspect
          o AppScan
          o Fiddler
          o Burp

      Call Notes:
      • DevOps role, NOT a project manager or scrum master role... must be able to understand code and translate to application teams
      • Knows how to set up Git from the start, connect it to SonarQube (CI/CD experience), then instruct application teams on how to set up with best practices, recommend changes, etc. according to current standards
      • Must have previous experience with Git (repository and GitLab), CI/CD, SonarQube, and vulnerability/remediation (how to fix it)
      • Highly preferred tools include any of the following: DefendBot, Fortify, Fiddler, Burp, WebInspect, AppScan
      • Experience with penetration testing is a nice-to-have (knowing the difference between scanning tools vs. SonarQube)
      • Will be included on weekly meetings/updates with application teams to set up training sessions, etc.
      • Previous financial services experience is not required
      • Previous enterprise experience (especially in a highly regulated industry) is a plus
      • Certifications are helpful but not required
      • Will sit onsite in Pittsburgh 3+ days per week... HM would be open to relocating candidates (please note this on the resume for manager consideration)
      #NIT001
  • About the company

      Established in 2000, LanceSoft is a Certified MBE and Woman-Owned organization, and a pioneer in providing premium end-to-end Global Workforce Solutions and IT Services to diverse clients across various domains.
