Security Architect (Applications/DevOps)
Irvine, CA

Job Description

Are you up to the challenge? At ePlus, we engineer transformative technology solutions for the most visionary companies in the world. This takes imagination, relentless client service, and the tenacity to enable our clients to achieve their visions. Our partnerships with leading edge technology manufacturers-many of which look to us for their own technology infrastructure needs-keep us immersed across the broad spectrum of the IT ecosystem.

As an Application Security Developer, you will serve as the focused technical lead and implementation engineer for ePlus targeted product and service solutions, supporting the ePlus Area Practice Director and aligned teams to drive revenue creation and fulfillment within the customer account portfolio. You will have the opportunity to work with our master architects, engineers, and consultants, to understand our clients' needs and craft sustainable DevSecOps strategies.

Specifically, we are looking for a customer facing professional that is familiar with all aspects of Application Development including DevOp tools, static scanning, dynamic scanning, run-time security, secure coding practices, application and cloud integration.

From strategy to fulfillment to managed services, our engineering centric solutions enable our clients to realize what it means for technology to do more.

Job Responsibilities:

Sales /Customer Facing

* Will be engaged as the subject matter expert (SME) to discuss and implement DevSecOps for all things Cybersecurity. As a member of the team ensure that security improvement designs are evaluated, validated, and implemented as required. Certifies that protection and detection capabilities. This individual is responsible for using secure coding development approaches, and are consistent with organization-level cybersecurity architectures.
* Engages as the lead technical resource during engagements to scope competitive proposals and Statement of Work (SOW).

Engineering Team/Technical Facing

* Develop and collaborate with our vendor partners and implementation team to develop integrated design solutions that can be practically implemented. This includes scoping, planning, design, implementation and migration strategies that enhance system availability, performance, integrity, stability, and scalability for our customers.
* Lead design architecture and peer reviews to document and publish standards, policies, design sign-off, and guidelines for data center, enterprise and end point security.
* Performs cyber defense incident triage, including determining scope, urgency, and potential impact; identifying the specific vulnerability. Makes recommendations that enable expeditious remediation.

Your Corporate Responsibilities:

Internal Control responsibilities vary by role and are subject to change. Please discuss your individual internal control responsibilities with your immediate supervisor on a regular basis.

* Handle confidential matters and information professionally
* Conduct business in a professional, competent and ethical manner
* Adhere to corporate policies and procedures
* Complete administrative tasks (expenses, time reporting, pipeline) in a timely fashion

Job Knowledge/Skills:

Must be fully knowledgeable and able to operate in a delivery role to design, plan, and support deployment efforts around development security solutions using three or more of the following subject matters:

* Threat Modeling
* OWASP Top 10
* Application Security Verification Standard
* Identity & Access management
* CI/CD Security
* Encryption & VPN
* Application Security (web and database)
* Run-time Security
* Source Code Scanning
* 4+ years work experience programming in Java and Python with previous experience as senior developer/architect preferred.
* 4+ years in application security, experience deploying and managing SAST, DAST, and IAST solutions. Experience should include experience consulting and helping application developers implement better approaches.
* Experience conducting secure code reviews to identify and recommend resolution to secure code flaws.
* Experience conducting Threat Modeling workshops or exercises.
* Experience developing secure environments that enabling business by deploying solutions on SaaS, PaaS, IaaS and cloud-based platforms such as Openshift/Kubernetes, Pivotal Cloud Foundry, AWS and GCP.
* Experience with SSDLC practices in DevOps, CI/CD environment is preferred
* Ability to manage multiple deliverables and in a fast-paced environment
* Experience with multiple security technologies such as Web Application Firewalls, Code Analysis Tools, Bot Mitigation, etc.
* Experience or knowledge of applying risk management concepts is preferred
* Knowledge payment compliance and standards (PCI DSS, FFIEC, NIST Security Standards and Frameworks) is a preferred
* Consultative problem solver with strong interpersonal, teaming, leadership, creativity, influencing, problem solving, and conflict resolution skills required
* Excellent oral, written, and interpersonal communication and presentation skills across organizational boundaries

Education and Experience

* Bachelor's degree in Computer Science, Engineering, Math or Physical Science
* A minimum 2 years of application security experience
* Proficiency in AppSec and Web services security.
* Application development background. • CEH/CPT Certification and one of CISSP, CSSLP or equivalent certification.
* Greatly Preferred Experience:
* 4 or more years of experience in designing or implementing security principles within DevOps and integrating Security within a CI/CD pipeline.

#LI-LM1