Data/Technical Architect 6-10+ yr
Information Technology | Piscataway, NJ | Full Time
• Responsible for keeping My Business (EPB) compliant with VZW security policies: Corporate Policy Instruction (CPI), Sensitive Personal Information (SPI), Customer Proprietary Network Information (CPNI), Payment Card Industry (PCI), Sarbanes-Oxley (SOX).
• Work closely with application development and network/infrastructure teams to resolve security vulnerabilities.
• Monitor and prioritize resolution of vulnerabilities identified through
o Static Source Code Scans
o Dynamic Application Scans
o IP/Port Scans
o Open Source Code Scans.
• Work on DevOps tools to automate and improve monitoring process for proactive remediation.
• Work on developing enterprise application components, to standardize and extract KPI metrics, trends and alerts on demand.
• Provide technical assistance and security architecture guidance to application teams with vulnerability remediation and best practices.
• Interpret application and data confidentiality components clearly and recommend appropriate implementations.
• Work with risk and security architects in analyzing relationship between systems; and implementing new solutions to ensure secured environment.
• Acts as a Subject Matter Expert for Application Security, works hand in hand with Enterprise Security team, Fraud, Audit, Compliance & Legal.
• Create documentation and training materials to educate stakeholders on key security concepts.
• The ideal candidate would have enterprise application development background, with a strong background in Security principles.
• Bachelor’s Degree in computer science or other relevant discipline.
• 8-10 years of experience in SDLC implementation of a multi-tiered web application, using Java/J2ee components.
• 6+ years of experience working in enterprise application with major focus on application security.
• Hands-on experience with Spring, Hibernate, design patterns and coding standards for secured software development.
• Knowledge/hands-on experience in implementing DevSecOps.
• Experience in using DevOps tools to automate scanning and reporting process
• Experience conducting application security assessments, penetration tests and implementing tools for dynamic/automated code reviews
• Experience with security tools is preferred, for static and dynamic code analysis. (Fortify, Checkmarx, WebInspect Enterprise, BurpSuite, Prevoty)
• Strong understanding and experience in handling network and port level vulnerabilities.
• Experience handling security audits to ensure compliance with industry standards
• Strong written and verbal skills to communicate effectively with an attention to detail.
• Proficiency in using and navigating in UNIX.
• Strong ability to write new and modify existing shell scripts.
• Proficiency with database management and SQL.