Application Security Architect
With Ultimate Software in Atlanta GA USMore jobs from Ultimate Software
Posted on May 18, 2020
About this job
Location options: Paid relocation
Job type: Full-time
Experience level: Senior, Lead
Role: System Administrator
Industry: Computer Software, Human Resources, Software Development
Company size: 5k–10k people
Company type: Private
cryptography, tcp-ip, oauth, saml, xacml
Ultimate Software continues to invest in a modern, vibrantly growing technology portfolio. The Security Architecture team contributes to the Global Security and Ultimate Software missions by building and maintaining solid mutual beneficial partnerships with all areas of the business. We are strong believers of security as a business enabler, hence, to achieve this level of partnership, we strive to provide responsive, easy to maintain cost effective security solutions. We are a highly versatile and technical team, gleaning from network engineering, developers, application security, software architecture, and Third-Party/Partner reviews.
Primary/Essential Duties and Key Responsibilities:
- Evaluate solutions, architectures and processes to assess risk
- Identify solutions to remediate risk
- Evaluate Third Party Assessments; Partners security postures and adherence to Ultimate Software standards.
- Participate in and drive technology projects
- Develop software frameworks both for internal and external consumption
- Push for security software development lifecycle - including thread models and code reviews
- Serve as expert advisor for security related questions, lead meetings as needed.
- Threat Modeling, Risk Analysis, Design and/or Architecture Reviews
- Perform Source Code Reviews
- Deep dive into the code to understand what is happening or validate if controls were implemented appropriately.
- Design technical solutions to mitigate or eliminate security vulnerabilities
- Review network architectures and operation system security settings
- 10 years of relevant work experience
- Security Monitoring and Intrusion
- Incident Response and Forensics
- Hard Core Development Skills
- Subject matter messaging expert with extensive, well-rounded background in a diverse set of Authentication (Identity management, MFA/2FA)
- Applied Cryptography (PKI, Appropriate usage of Cryptographic Primitives, Digital Signatures, HASHing, HMACs)
- Authorization (claims, RBAC, fine grained, coarse grained, XACML, OAUTH, SAML)
- Web Services Security (WS-Security, Oauth, JWT)
- Static Source Code Review Tools(e.g. Fortify, Appscan Source, Contrast, etc).
- Network Design Concepts (TCP/IP, Routing, Switching)
- Operation System Hardening (Window Server, Linux)
- Application Service Hardening (CIS, NSA/DOD STIGs)
- Coding experience in one or more general languages
- Mobile App development experience a plus
- GIAC Certified UNIX Security Administrator (GCUX)
- Certified Security Software Lifecycle Professional (CSSLP)
- Certified Information Systems Security Professional (CISSP)
- BA or BS in information security, engineering, computer science, or related areas. A Master’s degree in an IT field is a plus, and a Master’s in cybersecurity is an even bigger plus.
- Limited upon request with adequate notice
- International travel may be necessary
Check out how we give our employees the chance to work on whatever project they want for 48 hours! https://youtu.be/2Aw55CP1IO8
Typical Interview Process:
- If your application is selected, a Talent Acquisition Team Member will reach out to schedule a phone screen with them.
- If selected to move forward, you will complete a HackerRank Assessment.
- If you pass, you will either move forward to a technical phone call for an additional screening, OR directly to an onsite interview.
- Offer stage.