Job Information
Clean Harbors Sr Application Security Architect in Norwell, Massachusetts
The Senior Application Security Architect is responsible for validating that application services are designed and implemented with high security standards. The role is focused significantly on application program interfaces (APIs), and the architect spends a large percentage of time developing and supporting security controls for API services. Additionally, the architect establishes an application security vision with sustainable standards and processes. An influential member of the team, the architect is a primary liaison with the security, engineering and technology teams.
Influence secure API development standards and implementations across multiple platforms
Adopt security standards for the API lifecycle and disseminate them across development and security teams
Enforce rigorous security controls with internal and external constituents, and follow through for verification and consistency
Document and provide ongoing maintenance of materials to eliminate discrepancies in development and security best practices
Focus on automation to aid in efficiencies with both testing and production
Develop authentication and authorization security requirements to adhere to credential storage, privilege management and authenticity standards; support role- and attribute-based access control
Work in tandem with developers to provide repetitive validation testing prior to production that allows for a continuous cycle of development followed by application security assessments
Regularly monitor the security community for public-facing security issues as well as to learn new tactics for securing data transmissions and reducing attack exposure
Attend and participate in application projects and change management committee meetings. This includes interacting with business units and technical teams to understand what is coming and how projects can be more secure from the beginning
Leverage security standards and implementation configurations, as well as common security frameworks
Document secure delivery and implementation advancements that meet defined service-level agreements (SLAs) and business metrics
Align with architects and development teams for a mission of secure design and data integrity preservation among users, apps and infrastructure
Develop security test plans from architectural designs, identify deficiencies and make enhancements to ensure production is not impacted
Actively participate in and lead security team meetings that facilitate secure design
Be highly engaged in information security projects that evaluate existing security infrastructure and proposed changes as defined by security leadership and architects; deliver projects on time, within budget and in accordance with SLAs
5+ years’ experience in cybersecurity preferred, including compliance and risk management with system and application security engineering
Highly technical and analytical with a proven deep background in application programming (5+ years above and beyond cybersecurity experience preferred)
Established experience with Agile and software development lifecycle (SDLC) practices
Experience in DevSecOps to integrate security principles into the development process, such as vulnerability code review, development security frameworks, testing, and integration of such processes within a CI/CD pipeline
Assess and understand security requirements of the Clean Harbors network, including impacts on bandwidth, latency, availability, and confidentiality
Proficient in data security concepts pertaining to physical security, access controls, and logical application security, including visibility and data protection
Experienced with REST and SOAP development and security controls
Experience with .NET, Java, Python, C++, Angular, etc. and the ability to drive a security-by-design approach within the software development lifecycle
Knowledge of security fundamentals for software-as-a-service (SaaS) application integrations and effective use and security configuration of Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) within Azure and Oracle Cloud environments
Solid understanding of network and web protocols
Skillful in single sign-on (SSO), OAuth 2.0, OpenID Connect and SAML
Proven excellence in communicating business risk from cybersecurity topics
Knowledge of practices and guidance emerging from OWASP, NIST and SANS, among others
Experienced working with API gateways such as WSO2, Oracle OIC and Azure Gateway
Experienced with securing intra-company and third-party APIs
Clean Harbors is an equal opportunity employer. We do not discriminate against applicants due to race, ancestry, color, sexual orientation, gender identity, national origin, religion, age, physical or mental disability, veteran status, or on the basis of any other federal, state/provincial or local protected class.
Clean Harbors is a Military & Veteran friendly company.