Application Security Architect
Blue Cross Blue Shield of Michigan
Contract Detroit, Michigan, United States Posted 7 years ago
About Position
Application Security Architect (Contract)
$90.00 / Hourly
Detroit, Michigan, United States
Description
The Application Security Architect is responsible for assuring that IT application software and infrastructure are designed, implemented, and operated in accordance with applicable security standards and practices. Primary responsibilities include applications security, risk assessment, validation of security pen test results, problem resolution, system documentation, and system security management and support.

ESSENTIAL DUTIES AND RESPONSIBILITIES
- Good understanding of the architecture and of the various web application tier and database tier components: underlying objects, schemas/products, database objects, file system structure, tables, views, packages, procedures, sequences, indexes, and constraints.
- Conduct information security threat analyses on new and changed application development initiatives toward design, review, and incident response planning.
- Provide in-depth assistance with the integration of information security within the application development life cycle.
- Review security requirements at relevant phases from both technical and operational perspectives.
- Review remediation activities for completeness.
- Identify security requirements and recommend appropriate solutions to IT and business problems.
- Review application source code for vulnerabilities, using both manual and automated code scanning techniques (white-box testing).
- Perform vulnerability scanning and penetration testing at all application tiers using appropriate tools (network scanners, web scanners, database scanners, etc.) (black-box testing).
- Knowledge of operating systems (Windows, Unix) and common COTS products used to deliver web services, including IIS, Apache, Tomcat, Oracle Application Server, WebSphere, etc.
- Identify and convincingly explain the risks associated with common application vulnerabilities, demonstrate exploitation, and recommend mitigation options.
- Discern, document, and set up standard practices for application security audits.
- Partner with operations, audit, legal, compliance, and administration teams to support the information security needs of their projects and ensure that risks are accurately identified and appropriately managed to the enterprise's accepted level of risk.
- Participate in developing standards for information technology security practices.
- Identify and evaluate tools and techniques to be used for capture, modeling, and analysis of information security architecture.
- Analyze, review, customize, and recommend security architectures for internal projects and initiatives.
- Identify, implement, and monitor best practices for information security architecture.
- Determine and clearly communicate, quantitatively where possible, the information security risks to the application development teams.
- Assure compliance with security policies, standards, and procedures, including HIPAA, SOX, and CMS compliance.