This job posting isn't available in all website languages
2000929 Requisition #
Thanks for your interest in the Information Security Architect position. Unfortunately this position has been closed but you can search our 169 open jobs by clicking here.
As an Information Security Architect, you will play a key role in partnering with IT-Operations, Product Software Development and the Business to drive security practices and technical solutions throughout the enterprise. This role will focus on current security measures, identify opportunities for strengthening infrastructure designs, development practices, and testing methods in a complex cloud SaaS environment. This includes ensuring that all aspects of company cybersecurity adhere to the adopted cybersecurity framework. The successful candidate will be an expert in the design, use and measurement of secure practices, security testing tools and will have a strong background in writing security user stories and detailed technical specifications for security solutions, product designs and cloud infrastructure. They will be able to span application, infrastructure, operations, and IT/business services disciplines and will have domain expertise that is applicable across teams. This individual will quickly establish relationships and serve as a trusted advisor for Product Software Development, Operations, and IT departments, and will also have a hands-on role in designing solutions and creating specifications for those teams.

• Analyzes information security systems and applications and recommends and develops security measures to protect information against unauthorized modification or loss
• Architect and design security solutions that enforce security consistently across internally developed, commercial-off-the-shelf and cloud-based applications
• Perform security architecture reviews
• Act as a subject matter expert to interpret the results from vulnerability scans (dynamic testing and static code analysis) and work with developers to remedy vulnerabilities
• Monitor and triage vulnerabilities reported by vendors and researchers
• Develop application security policy and standards/best practices
• Conduct penetration testing of internally developed applications
• Evangelize application security and secure development practices
• Evaluate/apply new and emerging security technologies and solutions
• Responsible for performing application vulnerability assessments
• Review security logs on a regular basis to identify anomalous events and investigate possible breaches to the company’s security
• Review code across a variety of programming languages
• Assess SDLC processes and promote adoption of secure SDLC practices
• Provide interpretation and remediation of vulnerabilities across a variety of applications and platforms
• Explain and demonstrate vulnerabilities to application developers and/or QE teams as needed; provide recommendations for mitigation issue reports on assigned application and system scans
• Conduct white box and black box security testing as needed to assess and validate identified application security vulnerabilities across variety of application
• Monitor and track progress of found vulnerabilities and maintain a historical log
• Participate in design reviews with Development teams as needed
• Employ security code analysis tools and develop testing scripts and procedures
• Perform secure code development training to Developers and relevant teams
• Prepare and present reports and metrics to management
• Assist in implementing appropriate changes as needed within application security to mitigate vulnerabilities and exposures
• Provide recommendations for business and process improvement
• Mentors other junior team members or cross-functional team members
• Other security-related projects that may be assigned according to skills

• Bachelor’s degree in Computer Engineering or equivalent
• Minimum of 5-10 years of work experience in web and mobile application security
• Minimum of 5+ years of IT or software development experience
• Experience working in software development
• Experience with vulnerability scanning tools (e.g., Qualys, Nessus, Tenable.io, Metasploit)
• Experience with web application vulnerability scanning tools (e.g., NTO Spider, Burp Suite Pro)
• Experience with static analysis tools (e.g., IBM Appscan Source, HP Fortify)
• Experience with high level programming languages (e.g., Java, C, C++, .NET (C#, VB))
• Experience with web application development (e.g., Java, .NET, ASP, PHP, JSP)

Training Requirements (licenses, programs, or certificates):
• Possess current security certifications (e.g., CISSP, CISM, CEH, GIAC)
Other Knowledge, Skills and Abilities:
• Practical knowledge of application security standards and compliance (e.g., OWASP, Sarbanes-Oxley act, HIPAA)
• Solid knowledge of information security principles, web applications and a level of familiarity with malicious code and common techniques used by hackers.
• Knowledge of cloud-based infrastructures and how they affect security needs
• Understanding of malware such as worms, viruses, trojans, etc.
• Ability to read and understand system data including security event logs , system and application logs
• Solid understanding of enterprise wide technologies, including databases, operating systems, web applications, etc.
• Solid understanding of computer file systems and architecture
• Excellent verbal and written communication skills
• Excellent problem solving and analytical skills
• Ability to communicate with employees at all levels of the organization
• Ability to work with multidisciplinary and cross-functional teams
• Ability to communicate technical concepts to nontechnical disciplines
• Employs professional skepticism
• Reliance on a risk-based approach
• Proficiency with threat-modeling
• Ability to negotiate towards a balanced, acceptable risk solution
• Current on relevant application security and architectural trends
• Excellent interpersonal, presentation and facilitation skills
• A demonstrated commitment to high professional ethical standards and a diverse workplace

• Minimal travel required
• Work in clean, pleasant, and comfortable office setting
• The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Please Note: TriNet reserves the right to change or modify job duties and assignments at any time. The above job description is not all encompassing. Position functions and qualifications may vary depending on business necessity.

TriNet is an Equal Opportunity Employer and does not discriminate against applicants based on race, religion, color, disability, medical condition, legally protected genetic information, national origin, gender, sexual orientation, marital status, gender identity or expression, sex (including pregnancy, childbirth or related medical conditions), age, veteran status or other legally protected characteristics. Any applicant with a mental or physical disability who requires an accommodation during the application process should contact recruiting@trinet.com to request such an accommodation.


Previous Job Searches

Activity Feed

Job shares through TriNet
Someone applied to the Human Resources Specialist position. About an hour ago
Someone applied to the Lead Analyst, CX Process Operations position. 17 hours ago
Someone applied to the Area Director of Sales - Mid-Atlantic position. 17 hours ago
Someone applied to the Manager, Sales Development position. 1 day ago
Someone applied to the Senior Coordinator, Administrative Services position. 1 day ago