Senior Application Security Architect
Prove is the modern platform for continuous identity authentication and is used by over 1,000 enterprises and 500 financial institutions including 9 of the top 10 U.S. banks. Prove’s cloud solutions and mobile intelligence-driven APIs can be easily orchestrated to increase Approve Rates to over 90%, enabling companies to authenticate customer identities accurately, effortlessly, and privately, while mitigating fraud. Prove’s solutions are available in 195 countries. For the latest updates from Prove, follow us on LinkedIn.
As we continue to scale our company, we are looking for people who know how to make an impact. We’re talking self-starting professionals who thrive in a fast-paced environment, process information quickly and make intelligent decisions. The work is challenging and requires not only smarts, but natural curiosity and tenacity. Teamwork is also important to us – we work together and play together.
Prove has big plans; we’re excited and optimistic about the future. If this sounds like a career for you – come check us out.
Summary
The Senior Application Security Architect will design software and technologies that support Prove’s business, while protecting against malicious actors. This role partners with fellow architects, engineers and additional staff to design, test and maintain solutions that meet security requirements. Solutions will be designed to protect against unauthorized access, modification and destruction, using threat modeling, vendor supplied tools, custom methods and a life cycle approach. To be successful, you must understand secure coding practices and be capable of communicating to the appropriate staff. Experience working with regulated environments covered by PCI, HIPAA, SOC 2 Type 2, NIST and / or GDPR is necessary. The ability to work with multiple teams and roles to accomplish department goals is a must.
What You Are Accountable For:
- Assist in the development of security strategies and implementation roadmaps centered around mobile identity and authentication.
- Assist in deploying, monitoring, troubleshooting and changing complex environments.
- Partner with architects in IT, Security and services teams in designing next generation customer and employee applications.
- Research and evaluate the impact of new vulnerabilities, security alerts and threat intelligence.
- Stay informed of new security technologies and solutions to assist in the on-going development of the overall security strategy.
- Work within the Security Development Life Cycle to build services and applications (both in-cloud/on-prem) for customers.
- Perform DAST, SAST and SCA assessments using COTS tools, along with manual methods, custom scripts and threat modeling.
- Guide software engineering teams within the organization through security related processes required for regulatory compliance and best practices.
- Participate in internal investigations and incident response events.
- Achieve compliance and a secure posture by verifying vulnerabilities are remediated within appropriate time frames, helping to ensure compliance with PCI DSS, HIPAA, SOC 2 Type 2, NIST and GDPR.
- Document builds and standards.
- Share experience, knowledge and ideas with management and co-workers to maintain a kind and respectful team-based environment.
- Promote, maintain and enhance our cultural values of humility, passion, inclusion, and leadership.
- Strong passion for learning about our products and markets through in-house and external training.
What We Require:
- Eight plus (8) years of relevant experience as an application security consultant / penetration tester / security architect.
- At least two (2) years of experience as a developer / software engineer.
- Bachelor’s degree or higher. Each higher-level degree, i.e., Master’s Degree or Ph.D., may substitute for two years of experience.
- Understanding of PCI DSS, HIPAA, SOC 2 Type 2, NIST and / or GDPR requirements as related to software development and secure code.
- Understanding of a Security Development Life Cycle.
- Experience with vulnerability management.
- Knowledge of Incident Response policy, process and execution.
- Ability to communicate software security issues to fellow architects, engineers and staff.
- Ability to perform penetration tests using COTS software and manual methods.
- Experience in cybersecurity, fintech or a fast-growing startup is preferred.
This position is eligible to participate in the annual incentive program. Prove’s Benefits include but are not limited to:
- Excellent health, dental, and vision insurance that begins on your first day of employment
- 401(k) plan with company match
- Unlimited vacation time
- Stock option grants for each full-time new hire
This position description should not be considered the final description of the position. It should be assumed that we would, to some extent, structure responsibilities in accordance with the successful candidate’s capabilities and changing business conditions.
Prove is an equal opportunity employer committed to providing equal employment opportunity for all people regardless of race, color, religion, gender or sexual orientation, age, marital status, national origin, citizenship status, disability, veteran status or other personal characteristics.