Senior Application Security Architect

Senior Application Security Architect Remote or Hybrid (Cary NC)

Nice to meet you!

Were a leader in data and AI. Through our software and services we inspire customers around the world to transform data into intelligence and questions into answers.

Were also a debtfree multibilliondollar organization on our path to IPOreadiness.If youre looking for a dynamic fulfilling career coupled with flexibility and worldclass employee experience youll find it here.

About the job

The Product Security team is looking for a Senior Application Security Architect to be a key contributor to overall Product security. Successful candidates will partner with architecture engineering and cloud hosting helping to solve complex technical problems anywhere in the Software Development Lifecycle (SDLC) from design to operations. Technical security breadth and depth as well as clear concise and effective communications are crucial. This role requires a diverse set of skills in systems architecture software development and Product security. Success will depend on your collaborative skills working toward the SAS goal of meeting legal compliance and customer security requirements as part of providing SAS customers with the most trustworthy solutions globally.

As a Senior Application Security Architectyou will:

• Collaborate across R&D and cloud hosting teams to strategically improve the security posture of businesscritical multitier solutions in legacy hybrid cloud and public cloud environments. Includes tactical refactoring and promotions to maintain security consistency between all environments.
• Collaborate in the planning of evolutionary paths for secure architectures and systems incorporating and aligning dependent thirdparty architectures as well as the adoption of new technologies while maintaining a robust and consistent security posture. Includes employing specific security compensating controls defense in depth and security posture aspects in support of Secure by Default and Zero Trust principles.
• Work with development teams providing security assessment and hardening of products spanning the SDLC and development pipelines. Includes performing periodic secure design and code reviews to identify diagnose and triage issues assessing the security risk and recommending remediation steps for vulnerabilities and weaknesses improving security posture in architecture design code deployment and operations.
• Collaborate with Product Management to ensure security implementations are consistent with business objectives customer requirements and applicable global regulations.
• Identify train and partner with divisional Security Champions in place with product architecture and engineering teams. Help champions assess and gauge risk to identify security gaps or seams in the products and integrated solutions.
• Create and maintain secure engineering documentation guidance and similar collateral aligned with PSO standards policies and procedures.
• Collaborate with other teams within security to identify new tools and processes to integrate into the Secure SDLC. Recommend and promote software security policies standards and procedures that can improve the global security posture of the company. Mentor and coach with Product Security Office and other Security Architects aligned with your security breadth and depth where you are a Subject Mater Expert.
• Ensure all applicable security policies and processes are followed to support the organizations secure software development goals.

Required Qualifications

• 8 years of secure software development secure system architecture and design or related experience.

• 4 years of demonstratable experience in developing or adopting software security best practices.

• Bachelors degree with major study in Computer Science Electrical Engineering or related. Possess relevant security certifications such as from SANS GIAC or ISACA CEH for CCSP CSSLP CISM or CISSP.

• Knowledge of current Global Enterprise security risks and attacker TTPs (Tactics Techniques & Procedures)

• Experience with one or more of the following programming languages: Java C/C Python JavaScript PHP Golang etc.

• Ability to review code or logic and be confident in giving prescriptive guidance to developers in security patterns and best practices.

• Expertise in securing enterprise web applications and familiarity with OWASP Top 10 CVSS CWE and SANS25.

• Youre curious passionate authentic and accountable. These are ourvalues and influence everything we do.

Preferred Qualifications

• Experience with security in public clouds such as Azure AWS GCP or hybrids.

• Experience with SAST tools such as: Snyk Black Duck Sonar etc.

• Experience with DAST tools such as: ZAP Wfuzz Grabber BurpSuite Vega W3af etc.

• Knowledge of and experience with auditing implementing and supporting DevSecOps.

WorldClass Benefits

Highlights include...

• Comprehensive medical prescription dental and vision plans.
• Medical plan options include...
  • PPO with low annual deductible and copays.
  • HDHP combined with a health savings account with a contribution from SAS (no access to onsite health care center).
• Onsite Health Care Center (HQ) thats free to employees and family members enrolled in the PPO plan. Theres a pharmacy too! Not local to HQ The pharmacy will ship prescriptions for no additional charge!
• An industryleading 401k plan.
• Generous time away including vacation time a variety of paid holidays and our muchloved U.S. Winter Wellness Break between December 25 and January 1.
• Volunteer Time Off parental leave and unlimited paid sick days.
• Generous childcare benefits for all fulltime employees.

Diverse and Inclusive

At SAS its not about fitting into our culture its about adding to it. We believe our people make the difference. Our diverse workforce brings together unique talents and inspires teams to create amazing software that reflects the diversity of our users and customers. Our commitment to diversity is a priority to our leadership all the way up to the top; and its essential to who we are. To put it plainly: you are welcome here.

Additional Information:

To qualify applicants must be legally authorized to work in the United States and should not require now or in the future sponsorship for employment visa status. SAS is an equal opportunity/Affirmative Action employer. All qualified applicants are considered for employment without regard to race color religion gender sexual orientation gender identity age national origin disability status protected veteran status or any other characteristic protected by law. Read more: Know Your Rights.

Resumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.

SAS only sends emails from verified sas email addresses and never asks for sensitive personal information or money. If you have any doubts about the authenticity of any type of communication from or on behalf of SAS please contact

#SAS #LIWR1