Security Architect in Warsaw
About the role:
* Technology Risk Advisory Team function by being a part of a highly technical staff that assess risk, identify risk and advise on risk. In this role, you will be reviewing Software Architecture designs and helping identify detrimental architecture flaws earlier in the SDLC.
* Technology Risk Advisory Team delivers best in class advisory support and technology solutions across the Information Security risk domains, including scalable uplifts of common core security solutions. As a Security Architect, you will be part of a technical team that is responsible for assessing and managing the portfolio of risks for Divisionally aligned products. You are expected to have a working knowledge of the products you support and provide technical design consultancy services as needed. The team is responsible for all assessments, including, Design / Architecture Reviews, Manual Code Reviews, Penetration Testing, Config reviews, and Continuous Monitoring / Scanning. The ideal candidate should possess the aptitude to learn security concepts and provide guidance to technology teams and work collaboratively to drive down risk.
* Several years' experience in technical roles focusing on the application and/or cloud security
* Prior experience in performing Threat Modelling or Secure Design Reviews.
* Knowledge of OWASP Top 10 and cloud security gaps.
* Familiarity with security standards such as OWASP Testing Guide, OWASP ASVS, NIST and Sans top 20.
* Common security controls
* Experience in application vulnerability assessment and penetration testing of web, thick-client, or mobile applications.
* Working knowledge of application security tools
* Familiarity with web stack technologies and platforms
* Familiarity with common cloud services like AWS
* Understanding of core cryptography concepts
* Ability to analyse protocols (OAuth, SAML), flows and interactions to evaluate gaps.
* Experience in crafting custom proof of concept application exploits using testing tools/frameworks or scripting exploit.
* Knowledge of network, application and operating system security risks.
* Experience doing architecture review of Mobile applications.
If you are enthusiastic and self-motivated with a professional passion. If you are able to cooperate with international staff with multi-cultural backgrounds and all levels and you think that job is suitable for you or any other that roles that we have available at the moment, please call +48221040860