Application Security Architect (Remote)
Toronto, Ontario
Applications have closed
Attabotics
Attabotics is building the future of warehouse automation solutions with revolutionary warehouse robotics and automated picking systems.
Who you are
- Bachelor's Degree in Computer Science or related industry experience.
- 5+ years of experience in a Security Engineering role with a specific focus on vulnerability management and secure coding.
- Thorough understanding of software security vulnerabilities, including but not limited to the OWASP Top 10 list of vulnerabilities.
- Ability to assess and evaluate vulnerabilities associated with Linux and Windows operating systems, cloud provider ecosystems (Azure, AWS, GCP), open-source components, Docker / Kubernetes.
- Familiarity with cybersecurity frameworks and regulations such as NIST, CIS, ISO (27001 and 27002), and EU GDPR.
- Solid understanding of application and database security concepts and architectural principles around authentication, authorization, session management, configuration management, data handling and cryptography
- Prior experience in Threat Modeling and the ability to coach others in this practice
- Experience in making domain-driven design decisions and trade-offs; for example: security vs. speed or complexity.
- Highly technical and a good negotiator
- Excellent written and verbal communication skills (ability to influence without the authority)
Nice to Have
- Proficient with Azure DevOps
- Very good understanding of networking
- Prior development experience. For example, using C# (preferred), C, C++, JavaScript/TypeScript, Python.
- Experience with Rust is a plus
What we need
- Review the state of the Attabotics code bases (embedded, cloud, on-premise), pipelines, release gates and servicing methodologies
- Review and evolve the security architecture for our embedded, cloud-based, and on-premise software. Lead security reviews and risk assessments for all software on an ongoing basis. Develop a roadmap (sequenced milestones) for addressing security technical debt, followed by a “stay safe” posture for all code.
- Drive progress on the security roadmap with stakeholders through a unified dashboard to hold all parties accountable
- Define and reinforce secure coding practices throughout the SDLC. Drive the adoption of standardized methodologies, libraries, and tools.
- Provide expert advice and coaching to engineering teams and leadership. Guide the teams in new feature security reviews and threat modeling.
- Conduct internal penetration testing and security scanning using appropriate tools and methodologies. Work with 3rd party security assessment and penetration testing vendors as needed.
- Provide solutions to remediate security flaws. Facilitate rapid corrective action for high-impacting issues.
- Partner with the Engineering and QA teams to ensure that security testing objectives are met. Ensure the adoption of security best practices in testing, automation, and CI/CD pipelines.
- Advise and participate in the Security response team as needed.
- Document compliance to regulatory guidelines and standards. Author externally facing security communications exemplifying thought leadership.
- Stay abreast of emerging security threats, vulnerabilities, and controls to coach the entire organization on state-of-the-art security practices.
Tags: Application security Automation AWS Azure C CI/CD Cloud Compliance Computer Science Cryptography DevOps Docker GCP GDPR JavaScript Kubernetes Linux NIST OWASP Pentesting Python Rust SDLC Security assessment TypeScript Vulnerabilities Vulnerability management Windows