Sr. Software Security Architect

Remote

SAS

SAS is the leader in analytics. Through innovative Analytics, Artificial Intelligence and Data Management software and services, SAS helps turn your data into better decisions.

You may work from a remote location for this role or you may join us at SAS Worldwide HQ in Cary, NC (when we return to campus) for this role.

 

Are you a problem solver, explorer, and knowledge seeker – always asking, “What if?” 

 

If so, then you may be the new team member we’re looking for. Because at SAS, your curiosity matters – whether you’re developing algorithms, creating customer experiences or answering critical questions. Curiosity is our code, and the opportunities here are endless. 

 

What we do  

We’re the leader in analytics. Through our software and services, we inspire customers around the world to transform data into intelligence. Our curiosity fuels innovation, pushing boundaries, challenging the status quo and changing the way we live. 

 

What you’ll do

As a Sr Software Security Architect on the Product Security Team in our R&D division at SAS, you will be a key contributor to software security design efforts across all of Research and Development. Successful candidates will solve complex technical problems, work closely with engineering teams, and communicate clearly and effectively to technical audiences. This position requires a diverse set of skills in application security, software development, and systems architecture. Your success will depend on your cooperative skills in working with R&D architecture and engineering teams across SAS.

 

You will:

  • Act as a point of contact to communicate secure architecture designs and promote understanding of the overall R&D security architecture.
  • Use standard tools and secure architecture methodologies to evaluate design trade-offs for developing updated architectures. Work with Product Management to ensure changes are consistent with business objectives and customer requirements.
  • Collaborate with product managers, UX designers, other R&D architects/developers, quality assurance, and engineers to determine functional and non-functional requirements for new and existing applications and tools. This will ensure that all products adhere to a common architecture as necessary, in order for these products to work well together and form a cohesive product line.
  • Manage risk identification and risk mitigation strategies associated with the architecture.
  • Plan evolutionary paths for secure SAS software architectures, incorporating dependent third-party architectural changes and new technology adoption.
  • Identify, train, and partner with champions for security in engineering and product teams.
  • Support product security leads and security champions by helping them assess risk, learn to identify architectural gaps, and similar activities.
  • Create secure engineering documentation, guidance, and similar collateral.
  • Develop and run security brown-bags, internal CTFs, and similar security awareness campaigns.
  • Coach and train teams in topics related to security architecture, threat modeling, and secure coding.
  • Mentor other engineers on the team.
  • Help to identify the most important strategic investments to focus on as a team.
  • Collaborate with other teams within security to identify new tools and processes to integrate into the security software development lifecycle.
  • Generally be an advocate for secure software development in R&D.
  • Provide technical guidance on methodologies, frameworks, and best practices to developers to encourage the flow of information and promote understanding among product teams.
  • Enforce consistency in code design and practice, ensuring the technical aspects of applications and products produced by R&D adhere to the strategic goals of SAS.

 

What we’re looking for

  • You’re curious, passionate, authentic, and accountable. These are our values and influence everything we do.
  • You have a bachelor’s degree in Computer Science or a related quantitative field.
  • 5+ years of experience in the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services.
  • Knowledge of current Global Enterprise security risks.
  • Proponent of (or Evangelist for) DevSecOps.
  • 2+ years of recent or current software development experience in order to review code and be comfortable in guiding developers towards security practices.
  • Experience with one or more of the following programming languages: Python, Java, JavaScript, C/C++, PHP, SQL, Golang.
  • Expertise in securing enterprise web applications and familiarity with OWASP Top 10, CVSS, CWE and SANS-25.

The nice to haves  

  • Experience with Azure (preferred), AWS, GCP, Oracle, or IBM.
  • Maintain at least one active professional certification: CISSP, CSSLP, CEH, CCSP, OSCP or other Application Security certification.
  • Experience with Software Security tools, such as: Veracode, Black Duck, Metasploit, Checkmarx, SonarQube.
  • Experience with Web Application Security Tools, such as: ZAP, Wfuzz, Grabber, Burp, Vega, W3af.

 

Why SAS

  • We love living the #SASlife and believe that happy, healthy people have a passion for life, and bring that energy to work. No matter what your specialty or where you are in the world, your unique contributions will make a difference. 
  • Our multi-dimensional culture blends our different backgrounds, experiences, and perspectives. Here, it isn’t about fitting into our culture, it’s about adding to it - and we can’t wait to see what you’ll bring.

 

Additional Information:

To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status. SAS is an equal opportunity employer. All qualified applicants are considered for employment without regard to race, color, religion, gender, sexual orientation, gender identity, age, national origin, disability status, protected veteran status or any other characteristic protected by law. Read more: Equal Employment Opportunity is the Law. Also view the supplement EEO is the Law, and the Pay Transparency notice. 

 

Equivalent combination of education, training and experience may be considered in place of the above qualifications. The level of this position will be determined based on the applicant's education, skills and experience. Resumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.

 

All valid SAS job openings are located on the Careers page at www.sas.com. SAS only sends emails from verified “sas.com” email addresses and never asks for sensitive, personal information or money. Should you have any doubts about the authenticity of any type of communication from, for, or on behalf of SAS, please contact us at Recruitingsupport@sas.com before taking any further action.

 

In order to work at SAS, you must be fully vaccinated against COVID-19. If there is a medical or religious reason preventing you from receiving an available COVID-19 vaccination, and you are selected as a candidate for consideration, we have an accommodations process in place to evaluate those requests. 

Tags: Analytics Application security AWS Azure Black Duck C C++ CCSP CEH Checkmarx CISSP Compliance Computer Science CTF CVSS DevSecOps GCP Golang Java JavaScript Metasploit Oracle OSCP OWASP PHP Product security Python R&D SANS SonarQube SQL Veracode

Perks/benefits: Career development

Region: Remote/Anywhere