Description
Lead Application Security Architect
We are searching for an experienced Application Security Architect who can utilize solid business knowledge and expert technical experience in security to help develop strategy, roadmap and execution for our Application Security program. In this role you will aligned to a segment (line of business) to proactively discover security issues during solution design and prevent vulnerabilities during development. You will develop assessment frameworks to evaluate designs then be responsible for their execution. These processes will become especially pertinent in support of current technology modernization efforts with a big emphasis on cloud adoption.
This position is a role that will allow you define greenfield process and tooling while working with innovative technology such as automated release pipelines and cloud migration.
We are building processes that our vendors see as cutting edge with an emphasis on automation
In addition to the technical benefits, you will be responsible for all security elements of the SDLC and it’s relationship with a technology line of business team
Responsibilities
Dedicated to a segment (line of business) to perform application security assessments, threat models and enforce design patterns while integrating them into a modern SDLC.
Serve as a single point of contact and develop relationships with a single segment (line of business)
Proactively communicate design and development principles to appropriate stakeholders
Proactively improve security designs to reduce vulnerabilities found after development of code
Influence stakeholders to correct security deficiencies in the solution design as well as developed code
Provide solutions to security deficiencies while allowing for necessary business and technical functionality
Automation and standardization of all applicable processes
Required Qualifications:
Technical Competencies
Many of the below requirements may be substituted for compensating software architecture background. We embrace software architects or developers looking to train into security.
In depth comprehension of the OWASP Top 10 and an ability to communicate with developers and application architects. Development or software architecture background is preferred.
Experience implementing application security frameworks such as BSIMM and SAMM
Expertise in performing cloud architecture reviews, application risk assessments and threat modeling
Experience in integrating security controls into all forms of SDLC including automation into a CI/CD pipeline
Communicate the need for security controls to a business audience, including justification of spend and effort
Analyzes business impact and exposure based on emerging security threats, vulnerabilities and risks, and recommends technologies and solutions to mitigate them.
Implement security considerations for in house developed, COTS and SaaS solutions
Translates technical concepts into plain language to show business risk
Collaborates with developers and software architects to adjust designs to securely meet business and technical requirements
Cultural Competencies
Ability to build and implement new security functions in an organization (greenfield).
Comfortable operating in an environment with constant change and ambiguity
Demonstrated experience leading and developing others by providing technical guidance and leadership to project teams.
Maintain team engagement through delegation and empowerment
Build relationships with development, software architecture and product management stakeholders
Experience working in highly regulated environments subject to HIPAA, HITrust, PCI or other related
Preferred Qualifications:
Bachelor’s degree in an IT-related field strongly preferred; post-graduate degree is a bonus, but not required
Knowledge and experience with the configuration of security controls and secure migration of enterprise applications to one of the major cloud providers such as Azure (preferred), Amazon Web Services, or Google Cloud.
Experience with CI/CD pipelines
Automation and standardization of software security controls, particularly into a CI/CD pipeline
CISSP, CISM or equivalent
GIAC or Offensive Security certifications
Cloud Architecture and/or Cloud Security Certifications (AWS, Azure, GCP)
Cloud Security Alliance (CCSP, CCSK) (ISC)2
Additional Information
Humana and its subsidiaries require vaccinated associates who work outside of their home to submit proof of vaccination, including COVID-19 boosters. Associates who remain unvaccinated must either undergo weekly negative COVID testing OR wear a mask at all times while in a Humana facility or while working in the field.
Remote/WAH requirements:
WAH requirements: Must have the ability to provide a high speed DSL or cable modem for a home office. Associates or contractors who live and work from home in the state of California will be provided payment for their internet expense.
A minimum standard speed for optimal performance of 25×10 (25mpbs download x 10mpbs upload) is required.
Satellite and Wireless Internet service is NOT allowed for this role.
A dedicated space lacking ongoing interruptions to protect member PHI / HIPAA information
Scheduled Weekly Hours
40
Humana complies with all applicable federal civil rights laws and does not discriminate on the basis of race, color, national origin, age, disability, sex, sexual orientation, gender identity or religion. We also provide free language interpreter services. See our https://www.humana.com/legal/accessibility-resources?source=Humana_Website.
WHAT’S THE JOB – Manpower’s client is seeking a HR Professional that is well organized to assist with printing, scheduling...
Apply For This JobSangoma is looking for a talented self-motivated Junior level FullStack Engineer to join our fast-paced ever-growing organization. As a FullStack...
Apply For This JobIf you are located within state of Minnesota , you will have the flexibility to telecommute* (work from home) as...
Apply For This JobCompany: US0056 Sysco Boston, LLC Zip Code: 02367 Minimum Level of Education: High School or Equivalent Minimum Years of Experience:...
Apply For This JobThis is a seasonal position (mid-April through mid-October) that requires you to work in Yellowstone National Park, WY. High volume,...
Apply For This JobTitle: Bookseller – PT Category: Retail EmploymentType: Part-Time Location: WA – Woodinville – Woodinville – 2910 LocationType: retail JobLocation: Woodinville,...
Apply For This Job