Software Architect (Cybersecurity)

DSS, Inc.

United States

Remote

USD 120,000 - 160,000

Full time

Today

Job summary

A cybersecurity firm is seeking a highly skilled Software Security Architect to enhance the security of cloud products. The ideal candidate will have extensive experience in software development and application security, aiming to develop and implement security architecture, provide training, and ensure compliance with standards like FedRAMP and SOC2. The role offers the flexibility to work remotely but requires full vaccination due to federal regulations.

Benefits

Remote work flexibility
Training and development opportunities
Health benefits

Qualifications

  • 10+ years of relevant work experience as a software developer or engineer.
  • 2+ years’ work experience as an information security officer.
  • 3+ years’ experience with assessing/securing large, complex SaaS applications.
  • 1+ years’ experience with FedRAMP and/or SOC 2 knowledge.
  • Experience leading security projects and initiatives.

Responsibilities

  • Develop and execute the product & application security architecture.
  • Review source code and ensure alignment with security standards.
  • Deliver training and provide mentoring to software developers.

Skills

Understanding of application security vulnerabilities (e.g., OWASP Top 10)
Strong familiarity with AWS
Manual web application penetration testing
Use of agile methodologies
Leadership in security projects

Education

Bachelor’s degree or equivalent experience

Tools

Docker
Kubernetes
.NET
Java
Python

Job description

Overview

We are seeking a highly skilled SOFTWARE SECURITY ARCHITECT who will be responsible for measures to improve and ensure the security of web applications, code, and related components in our company’s cloud products. The ideal candidate will have a strong understanding of the software development lifecycle and software security.

POSITION SUMMARY:

The Software Architect (Cybersecurity) is responsible for measures to improve and ensure the security of web applications, code, and related components in DSS Health Cloud products (including those for third-party vendors). The role is tactical in nature and requires direct software development experience to better understand the nature of code constructs and how a software security concept is transformed into production-level code. The role works with the team and Infrastructure members to provide guidance and requirements for secure development standards and training, security testing tools focused on the application layer, threat modeling, penetration testing, and vulnerability disclosure programs, but it is the responsibility of the incumbent to translate these requirements into code implementation. The role works in collaboration with the Security Software Engineering resources teams within the Research and Development department to formulate tactical code implementation plans so that Product Owners can better prioritize software features.

Duties and Responsibilities

  • Assist with the development and execution of the product & application security architecture and program strategy.
  • Align and periodically communicate metrics with the Product Ownership teams around the effectiveness of the application security program.
  • Review source code, 3rd party components, software/system designs and consult with stakeholders across the organization to identify and/or avoid security issues through alignment with security standards and best practices.
  • Leverage the accumulated subject matter expertise of DSS’ applications, systems, and code to propose and drive architectural improvements which address classes of security flaws in the FedRAMP ecosystem and other projects such as SOC 2 and HITRUST.
  • Document and improve secure development lifecycle processes, standards and guidelines while making improvements to the corporate Development Standards maintained by the Research and Development Department.
  • Deliver training and provide mentoring to software developers on security topics.
  • Facilitate threat modeling exercises to ensure optimized security design decisions are being made.
  • Document remediation recommendations and collaborate with developers to ensure vulnerability findings are successfully and efficiently addressed.
  • Participate in requirements definition and perform initial risk analysis to define a minimum standard of security for each application.
  • Work with project teams to prioritize security milestones.
  • Assist in the enforcement of corporate-wide information security policies, guidelines, and best practices.
  • Align the overall security governance with IT architecture governance and project and portfolio management (PMO).
  • Evaluate, develop, and implement secure solutions, based on approved enterprise security architectures.
  • Ensure changes do not create or introduce security gaps.
  • Other duties as assigned by management.

Qualifications

Required:

  • 10+ years of relevant work experience as a software developer or engineer.
  • 2+ years’ work experience as an information security officer.
  • 3+ years’ experience with assessing/securing large, complex SaaS applications.
  • 1+ years’ experience with FedRAMP and/or SOC 2 knowledge.
  • 2+ years of experience as a people manager.
  • Experience as a senior/staff/lead security engineer in product and application security.
  • Experience leading security projects and initiatives that require collaboration with teams across an organization.
  • Understanding of application security vulnerabilities (e.g., OWASP Top 10), defense techniques and security best practices, including language-specific security practices and current threats.
  • Experience with modern application development languages and frameworks (e.g., .NET, Node.js, Java, Python, React, Angular).
  • Use of agile methodologies for project management.
  • Manual web application penetration testing experience, including the use of professional penetration testing tools.
  • Strong familiarity with AWS, Docker, Kubernetes, Linux and similar infrastructure/technologies.

Desired:

  • Mature organization and time management skills.
  • Project management expertise.
  • Strong interpersonal and communication skills.

Education

Required: Bachelor’s degree or equivalent experience.

Desired: Master’s degree, MBA.

Certifications

Required: One or more relevant security certifications (CSSLP, CISSP, CISM, CEPT, CMWAPT, CPT, CEH, LPT, GWAPT, GPEN, GXPN, OSCP).

Desired: Any relevant certifications to position or department.

Experience

10+ years of relevant work experience as a software developer or engineer; 2+ years’ work experience as an information security officer; 3+ years’ experience with assessing/securing large, complex SaaS applications; 1+ years’ experience with FedRAMP and/or SOC 2 knowledge; 2+ years of experience as a people manager.

Physical Demands

  • Operate computer and other office equipment including phones, faxes, instant messaging, email, webcasts. Up to 90% of time.
  • Perceive computer form layout. Up to 90% of time.
  • Work in a stationary position, sitting. Up to 90% of time.
  • Move about office, standing, walking. Up to 5% of time.
  • Transport unassisted up to 20 lbs. equipment/supplies, lifting, stooping, bending. Up to 10 times per day.
  • Communications, oral, written and visual. Up to 90% of time.
  • Travel by common carrier up to 25% per year.
  • Lift and carry up to 50 lbs. unassisted while traveling.

This role can be remote, which would allow most work to be performed at home; however, the Employer is a Federal Contractor and subject to the federal vaccination mandate. Employees must be fully vaccinated to come onto any of DSS, Inc.’s sites or Client sites.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

If you need an accommodation seeking employment with DSS, Inc., please email jobs@dssinc.com or call (561) 284-7373. Accommodations are made on a case-by-case basis.
