Application Security Architect - Philadelphia PA - Georgia IT Inc.
Philadelphia, PA
About the Job
Job Title: Application Security Architect
Job Location: Philadelphia, PA
Position Type: Contract
Pay Rate: DOE
US Citizen, Green Card, GC EAD and H4 EAD only.
No sponsorship available for this job, NO C2C
Job Description:
- Perform security assessment and compliance activities using assessment tools and procedures for Comcast's Digital First Organization
- Continue to engage and build relationships with Comcast global Technology and Product Security teams
- Plan, research and design robust security architectures in partnership with App/Dev/platform teams for any Application/IT project
- Conduct and facilitate Threat modelling workshops
- Perform/participate in security architecture review (SAR) to ensure all security architecture design best practices and standards are met
- Perform planning and remediation of application static, dynamic and run-time code analysis (SAST, DAST, IAST/RASP) and work with application and internal teams to ensure secure coding practices are implemented
- Support the research of emerging technology, requisite security requirements, and emerging threats, and develop ways forward to meet organizational goals
- Oversee security awareness programs and educational efforts
- Respond to security-related incidents and provide a thorough post-event analysis
- Min 2 years' experience in Cloud Security Design / Implementation / Management with exposure to AWS / Azure Native Security
- Strong understanding and exposure to Network Security, Operating System Security, Web Security and End Point Security
- Research security standards, security systems and authentication protocols; keep abreast of the latest trends in the cyber security industry
- PCI Compliance Experience to conduct PCI Compliance activities
- Strong understanding of PCI concepts
- Assist with planning and remediation of internal and external vulnerability and external penetration scans, as needed
- Determine, document, and publicize the availability of PCI technical requirements
- Work with various departments to ensure that they are aware of and understand the technical PCI requirements that they must adhere to and sign off on
- Contribute content on PCI compliance requirements to support resources, including knowledgebase articles, quick reference cards, webinars, and training classes to raise understanding of PCI compliance
- Assist in evaluation, selection and implementation of encryption solutions and key management systems
- Assist in vulnerability remediation in coordination with other ops / application teams
- Configure and run penetration tests, and provide analysis and suggestions
Qualification:
- Architected security for products, enterprise, information and other initiatives
- Proficient at the secure software development lifecycle and DevSecOps
- Proficient at identity, authentication and authorization systems
- Good understanding of cryptographic trust-based systems
- Cloud security knowledge preferred
- Data and database security
- Federation, SSO, IDS, IPS, Host Based Firewall, WAF (Web Application Firewall), DNS, DHCP, HTTPS/TLS, SSH, Key Management, PKI, Tokens, SAML, OAuth, FIDO knowledge preferred
- Knowledgeable in compliance standards such as PCI, CPNI, ISO 27001, FCC Regulations, SOX, Subscriber PII
- Coding experience preferred but not required
- Security expertise in one or more relevant areas
- Knowledge of Intrusion Detection & Prevention Systems
Source: Georgia IT Inc.