Job Details | Enterprise Security Architect - Application Security


This job posting is no longer active on ChicagoJobs.com and therefore cannot accept online applications.


    


U.S. Cellular

Location: Chicago, IL 60601
Document ID: AC316-36WD
Posted on: 2018-10-11
Job Type: Full-time

Job Schedule: Full-time
2018-11-10
 


Enterprise Security Architect - Application Security - INF001194

The Enterprise Security Architect - Application Security is part of the security team that ensures all Enterprise technology solutions are designed, implemented, and maintained in accordance with security best practices and organizational requirements. The Architecture team advocates, designs, and helps drive implementation of processes and technology relating to risk and access control across the Enterprise organization, and collaborates with the Information Risk group and Audit Group to identify and prioritize risk issues, technology audits, and compliance issues. The Security Architecture team owns security assessments, Security Policies and Standards, and the Security Risk Management Program. In addition, the Security Architecture team consults across the organization regarding security concerns.

Essential Duties and Key Responsibilities
  • Participate in defining and maintaining the security strategy for Application Security
  • Participate in providing information risk management consulting to the enterprise. Conduct risk assessments of new and existing technologies, primarily related to application security.
  • Participate in providing strategic technical architectures (current state, reference, transition) for the enterprise, which are used to guide subsequent solution, infrastructure, and application architectures
  • Recognize, identify, and address potential areas where existing security policies and procedures require change, or where new ones need to be developed, especially regarding future business expansion.
  • Work in partnership with application development resources to embed security into applications. Participate in establishing an inter-departmental DevSecOps culture to enable continuous security enhancements and new feature releases into the product design.
  • Participate in development of application security threat models, and apply them to identify and respond to threats. Work with the owners and teams to identify and arrange for deployment of appropriate compensating controls to address vulnerabilities, security gaps, and risks.
  • Participate in application and software development design reviews, code assessments, and development lifecycle planning
  • Evaluate and recommend product concepts & IT project requests to ensure adherence to security standards, particularly related to application security functions. This includes internal, third party, and cloud-based solutions.
  • Perform or contribute to security testing of systems.


Experience and Educational Requirements
  • College degree in related technical / business areas preferred
  • 3+ years relevant work experience preferred
  • Experience or exposure to building security into the SDLC cycle, DevSecOps, and secure coding
  • Prior development experience is a plus
  • Experience with Automated and Manual Secure Code Assessments
  • Experience with Mobile application security
  • Experience with several of the following: Java, PHP, Python, C/C++/C#, Node.JS, .NET, Perl, common database technologies
  • Experience with dynamic application security testing
  • Penetration Testing experience is a plus
  • Professional Certification such as CISSP, CISM, SCF, GPEN, CEH, CPT, CCSK is a plus
  • Knowledge of application security technologies: Code scanners (Static and dynamic), application firewalls, vulnerability scanners
  • Knowledge of Identity and access technologies: AD/LDAP, Identity Management (IdM), industry standard authentication solutions (SAML, OAuth, OpenID, identity provider & service provider oriented platforms)
  • Knowledge of Industry Standards: ISO 17799/27001, CIS Critical Security Controls, NIST Publications, and other Industry Related Security Standards
  • Knowledge of Industry Regulations: Payment Card Industry (PCI), CPNI, SOX
  • Knowledge of Frameworks: ITIL, COBIT, NIST CSF
  • Knowledge of Cloud


Job : Information Technology

Location(s) : Illinois-CHICAGO_IL

U.S. Cellular® is an EEO employer and gives consideration to qualified applicants without regard to race/color/age/religion/sex/sexual orientation/gender identity/national origin/disability/veteran status, pregnancy or genetic information.
     