Application Security Architect
Arlington, VA, United States
At Hobsons, education is more than just our business; it’s our passion. Since 1974, we have been helping educators, administrators, students, and families maximize success through every stage of the learning lifecycle. Hobsons’ personalized learning, academic planning, post-secondary enrollment, and student support solutions serve millions of students across more than 12,000 schools, colleges, and universities around the globe.
The Security Architect will work internally with Application Development and Platform teams and externally with DMGT portfolio companies to ensure the system security posture is improved to world class standards. This includes helping guide the design and architecture of secure applications from the ground up, implementing secure coding practices, and evaluating cloud environments to ensure security considerations are well defined and implemented. This role will be responsible for a comprehensive secure development and testing process including automation on a continuous basis for compliance with standards and controls. This is the perfect opportunity for the successful candidate to become part of an innovative and energetic team that believes: “security and Secure by Design principles can be a source of competitive advantage, and that world-class partnership throughout the Dev process mitigates risk, speeds delivery velocity, and improves quality.”
This position will be located in: Arlington, VA (DC Metro area)
- Contribute security and privacy requirements along with recommended solutions into the design phase of product builds.
- Perform threat modeling and facilitate design reviews across products to ensure proposed system and applications architectures have sufficient controls to mitigate evolving threats.
- Perform hands-on code reviews, testing and validation of security components to ensure implemented controls fully meet security requirements.
- Plan, research and design robust security architectures in partnership with App/Dev/platform teams for any Application/IT project.
- Perform/participate in security architecture reviews to ensure all security architecture design best practices and standards are met.
- Incorporate Software Dependency Management and OSS License Compliance, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Runtime Application Security Testing (RASP) and Vulnerability Assessment technologies into CI/CD pipeline; Manage and support these products.
- Perform co-ordination and remediation of application defects identified by security tools and work with application and platform teams to ensure they understand the nature of the defect and suggest remediation options.
- Support the research of emerging technology, requisite security requirements, and emerging threats, and develop ways forward to meet organizational goals.
- Evaluate security tools, vendors and solutions to support information security roadmap initiatives.
- Work closely with architecture and development teams to develop common patterns for authentication, authorization, encryption, input validation/output encoding, logging, auditing and secrets management.
- Respond to security-related incidents and provide a thorough post-event analysis.
- Assist with planning and remediation of internal and external vulnerability scans and external penetration scans, as needed.
- Actively manage planning and remediation of internal and external vulnerability scans, and external penetration tests, as needed.
- Ensure security methods conform to SSAE-18 SOC II and DMGT audit
- Locate and/or deliver training on secure development lifecycle and secure application coding practices specific to programming languages and application frameworks in use.
- Partner with DevOps team to engineer automated, secure and auditable provisioning of cloud environments and application deployment.
- Min 2 years’ experience in Cloud Security Design / Implementation / Management with exposure to AWS / Azure Native Security
- Strong understanding and exposure to Network Security, Operating System Security, Web Security and End Point Security
- Proficient at the secure software development lifecycle and DevSecOps, experience in DevOps environments and maintaining security in CI/CD processes highly desired
- Proficient at identity, authentication and authorization systems
- Good understanding of cryptographic trust-based systems
- Data and database security
- Federation, SSO, IDS, IPS, Host Based Firewall, WAF (Web Application Firewall), DNS, DHCP, HTTPS/TLS, SSH, Key Management, PKI, Tokens, SAML, OAUTH
- Coding experience is required
- Familiarity with threat models for large, distributed systems and cloud-based SaaS infrastructure
- Familiarity with BSIMM and OpenSAMM frameworks
- Deep understanding of OWASP Top 10 and CWE/SANS Top 25
- Knowledge of Intrusion Detection & Prevention Systems
- 10+ years of experience in security and technology based industry
- 5 years of experience working with various security architectures
- Experience automating security threat mitigation response is a plus
- Following certifications are a plus but not required: Licensed PEN Tester (LPT); Certified Ethical Hacker (CEH); Global Information Assurance Certification (GIAC); Certified Secure Software Lifecycle Professional (CSSLP)
- Bachelor’s Degree in Information Systems, Computer Science, Management Information System, Cyber Security or Engineering
Hobsons recognizes the importance of taking care of our most valuable assets – our employees. That’s why we not only offer a comprehensive total rewards package but also continuously evaluate our offerings to meet the evolving needs of our workforce.
Benefits Include (but may vary depending on location):
- Affordable and Competitive Medical, Dental and Vision Insurance Plans
- 401(k) Plan with Match
- Flexible PTO offering for all Exempt roles
- Substantial time off for all Non-Exempt roles, including Floating Holidays and Premium Days for Volunteering, Personal Wellness and/or School Conferences/Visits
- Education/Tuition Reimbursement
- Life, AD&D, Short-term and Long-term Disability Insurance
- Flexible Spending Accounts (FSA)
- Voluntary Employee Programs: Legal Services, ID Theft & Credit Monitoring
Work-Life Balance & Culture
- Company Closes December 24th through January 1st as a Paid Holiday
- Generous Holiday Schedule
- Employee Referral Bonus Program
- Casual Dress Environment
- Flexible Work Arrangement Opportunities
- Global Fitness Program Membership Discounts
- Hobsons Annual Achievement Awards Event
- Employee Funded International Charity Programs
- Adopt A Class - Local Community Involvement
- Work Perks Discount Program
To view our comprehensive list of total rewards benefits, please visit www.hobsons.com/careers/why-work-here. To learn more about Hobsons, and our products: Naviance, Intersect, Starfish, visit our corporate web site at www.hobsons.com and follow us on LinkedIn, Facebook and Twitter.
Ability to document identity and employment eligibility within three (3) days of original appointment as a condition of employment in compliance with Immigration Reform and Control Act requirements.
Note: U.S. Citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor at this time.
Hobsons is an Equal Employment Opportunity (EEO) employer and welcomes all qualified applicants. Applicants will receive fair and impartial consideration without regard to race, sex, sexual orientation, gender identity, color, religion, national origin, age, disability, veteran status, or other legally protected status.