In the role of Lead Cloud Application Security Architect for Forge Performance Plus product, you will join a growing Product Security team providing expertise in secure software, requirements, and architecture throughout all phases of the product lifecycle. The Lead Cloud Application Security Architect will report to the Senior Cyber Manager and will drive security baselines, processes, solutions, and risk reduction across a growing line of core product areas; providing mentorship to team members.
KEY RESPONSIBILITIES
· Conduct design review of the core platforms in building the best and most secure Honeywell products in Azure Cloud
· Drive secure product development using existing standards and practices, staying abreast of emerging threats, security practices, and technologies in the cloud
· Influence decision-makers and stakeholders, improve secure coding practices, security requirements, and design
· Regularly participate in PI Planning and Scrum Meetings to ensure that security is at the forefront of development and product management mind
· Provide product security assessment reports to the Senior Management, Development Managers and Product Managers on a regular basis
· Define and continuously improve Honeywell Secure SDLC process by simplifying and automating to match delivery speed of development teams
· Drive secure engagement and architecture including threat modeling, vulnerability and risk assessment, analysis of findings from penetration tests, and tools (e.g., SAST, SCA, Container vulnerability scans)
· Drive incident response investigation, ensure coordination for remediation plan and execution
· Scope and drive security testing of products, perform results assessments, and assist in remediation strategies with engineering
· Mentor and coach engineering and security architects in secure SDLC practices, train and engage security advocates
YOU MUST HAVE
· Bachelor’s degree
· 8+ years of experience of application security architecture for any public cloud such as AWS, Azure, GCP
· 5+ years of programming experience
WE VALUE
· Experience in architecting enterprise class high-volume high-performance software products
· Secure software development lifecycle (SSDLC) experience
· Rich software development background
· Certifications in Secure Software Lifecycle or Cloud Security demonstrating deep practical knowledge, such as CSSLP or CCSP
· Azure, AWS or GCP Security or Solutions Architecture Certifications
· Understanding of the challenges operating trusted infrastructure in public cloud environments, as well as on-premises.
· Ability to drive security concepts and practices into development teams, as well as communicate security risks, threats, and mitigation strategies
· Strong interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities, and resolve conflicts among project partners
· Understanding of Agile software development practices
· In-depth knowledge and understanding of OWASP Top 10 and CWE Top 25 with experience in assessment and providing remediation strategies
· Experiences with DevOps (CI/CD) & SDLC
· Master’s degree
· Strong interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities, and resolve conflicts among project partners
· Passion for achieving results and continual self-improvement