Sr. Software Security Architect
You may work from a remote location for this role, or you may join us at SAS Worldwide HQ in Cary, NC (when we return to campus).
Are you a problem solver, explorer, and knowledge seeker – always asking, “What if?”
If so, then you may be the new team member we’re looking for. Because at SAS, your curiosity matters – whether you’re developing algorithms, creating customer experiences or answering critical questions. Curiosity is our code, and the opportunities here are endless.
What we do
We’re the leader in analytics. Through our software and services, we inspire customers around the world to transform data into intelligence. Our curiosity fuels innovation, pushing boundaries, challenging the status quo and changing the way we live.
What you’ll do
As a Sr. Software Security Architect on the Product Security Team in our R&D division at SAS, you will be a key contributor to software security design efforts across all of Research and Development. Successful candidates will solve complex technical problems, work closely with engineering teams, and communicate clearly and effectively to technical audiences. This position requires a diverse set of skills in application security, software development, and systems architecture. Your success will depend on your cooperative skills in working with R&D architecture and engineering teams across SAS.
- Act as a point of contact for communicating secure architecture designs and promoting understanding of the overall R&D security architecture.
- Use standard tools and secure architecture methodologies to evaluate design trade-offs for developing updated architectures. Work with Product Management to ensure changes are consistent with business objectives and customer requirements.
- Collaborate with product managers, UX designers, other R&D architects/developers, quality assurance, and engineers to determine functional and non-functional requirements for new and existing applications and tools. This will ensure that all products adhere to a common architecture as necessary, in order for these products to work well together and form a cohesive product line.
- Manage risk identification and risk mitigation strategies associated with the architecture.
- Plan evolutionary paths for secure SAS software architectures, incorporating dependent third-party architectural changes and new technology adoption.
- Identify, train, and partner with champions for security in engineering and product teams.
- Support product security leads and security champions by helping them assess risk, learn to identify architectural gaps, and similar activities.
- Create secure engineering documentation, guidance, and similar collateral.
- Develop and run security brown-bags, run internal CTFs, and similar security awareness campaigns.
- Coach and train teams in topics related to security architecture, threat modeling, and secure coding.
- Mentor other engineers on the team.
- Help to identify the most important strategic investments to focus on as a team.
- Collaborate with other teams within security to identify new tools and processes to integrate into the Security software development lifecycle.
- Generally be an advocate for secure software development in R&D.
- Provide technical guidance on methodologies, frameworks, and best practices to developers to encourage the flow of information and promote understanding among product teams.
- Enforce consistency in code design and practice, ensuring the technical aspects of applications and products produced by R&D adhere to the strategic goals of SAS.
What we’re looking for
- You’re curious, passionate, authentic, and accountable. These are our values and influence everything we do.
- You have a bachelor’s degree in Computer Science or a related quantitative field.
- 5+ years of experience in the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services.
- Knowledge of current Global Enterprise security risks.
- Proponent of (or Evangelist for) DevSecOps.
- 2+ years of recent or current software development experience in order to review code and be comfortable in guiding developers towards security practices.
- Expertise in securing enterprise web applications and familiarity with OWASP Top 10, CVSS, CWE and SANS-25.
The nice to haves
- Experience with Azure (preferred), AWS, GCP, Oracle, or IBM.
- Maintain at least one active professional certification: CISSP, CSSLP, CEH, CCSP, OSCP or other Application Security certification.
- Experience with Software Security tools, such as: Veracode, Black Duck, Metasploit, Checkmarx, SonarQube.
- Experience with Web Application Security Tools, such as: ZAP, Wfuzz, Grabber, Burp, Vega, W3af.
- We love living the #SASlife and believe that happy, healthy people have a passion for life, and bring that energy to work. No matter what your specialty or where you are in the world, your unique contributions will make a difference.
- Our multi-dimensional culture blends our different backgrounds, experiences, and perspectives. Here, it isn’t about fitting into our culture, it’s about adding to it - and we can’t wait to see what you’ll bring.
To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status. SAS is an equal opportunity employer. All qualified applicants are considered for employment without regard to race, color, religion, gender, sexual orientation, gender identity, age, national origin, disability status, protected veteran status or any other characteristic protected by law. Read more: Equal Employment Opportunity is the Law. Also view the supplement EEO is the Law, and the Pay Transparency notice.
Equivalent combination of education, training and experience may be considered in place of the above qualifications. The level of this position will be determined based on the applicant's education, skills and experience. Resumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.
All valid SAS job openings are located on the Careers page at www.sas.com. SAS only sends emails from verified “sas.com” email addresses and never asks for sensitive, personal information or money. Should you have any doubts about the authenticity of any type of communication from, for, or on behalf of SAS, please contact us at Recruitingsupport@sas.com before taking any further action.
In order to work at SAS, you must be fully vaccinated against COVID-19. If there is a medical or religious reason preventing you from receiving an available COVID-19 vaccination, and you are selected as a candidate for consideration, we have an accommodations process in place to evaluate those requests.