30 Sep
Software Security Architect
New Jersey, Jerseycity , 07097 Jerseycity USA

Vacancy expired!

Position Summary:IPG is seeking a Software Security Architect to join the CISO group. The individual will be responsible for program management of the application security program including setting strategy and leading adoption of secure software development lifecycle (S-SDLC) program across IPG and its agencies. Preference is given to candidates with a background in software development and a strong understanding of software development lifecycle. The ideal candidate is a good communicator, persuasive, analytical, understands risk and is knowledgeable in application development. This is a position where the right candidate can build a world class software security organization.

Essential Functions:
  • Lead software security program strategy based on business needs
  • Evangelize the adoption of secure software development lifecycle methodology across enterprise
  • Manage implementation and adoption of centralized application security services.
  • Lead the assessment, metrics, and reporting of software security risk across IPG’s application portfolio
  • Chair the global software security working group
  • Act as primary point of contact for software security questions and mentoring for security champions
  • Engage with third party venders to deliver software security tools and services
  • Strong knowledge of or the ability & interest to learn common software risks (such as OWASP top 10)
  • Familiarity with threat modeling, software composition analysis, and vulnerability disclosure programs

Experience, Knowledge, Skills and Abilities:
  • Bachelor of Science in Computer Information Systems, Computer Science, Information Systems Management, related field or equivalent work experience
  • 6+ years of combined hands-on experience in software development, application engineering, and hosted applications.
  • Information Security certification or equivalent desired
  • Knowledge of NIST-800 and Cloud Information Security (CIS).Strong understanding of development methodologies, particularly Agile and DevOps.
  • Familiarity with static and dynamic application security, penetration testing and vulnerability assessment tools, such as Veracode, Checkmarx, Burp Suite and WPscan
  • Familiarity with API standards and implementation (OAuth, JWT, JWYKey, Public key encryption, OpenId).
  • Experience working with development technologies such as Microsoft .NET (C#), ASP.NET/MVC, WCF/Web API/REST, JavaScript frameworks, HTML+CSS3+Javascript.
  • Able to explain impact of vulnerabilities and mitigating strategies to application development teams.
  • Good oral and written communication skills

Vacancy expired!


Report job