Senior Application Security Architect

As the largest provider of IT services Leidos develops and sustains large data and technology infrastructures and integrates complex law enforcement IT system for several US federal agencies. At Leidos we offer engaging careers a collaborative culture and support for your career goals and growth. This role would be serving a federal law enforcement agency in Clarksburg WV with remote work possible.

We are seeking a talented and experienced Senior Application Security Architect on our team. The ideal candidate will be responsible for designing and implementing secure application architectures within an enterprise environment encompassing crossplatform technologies integrating security into CI/CD systems ensuring compliance with security standards including NIST and OWASP and leveraging experience in REST Python Perl JAVA and PowerShell. This role will be part of a strategic application security team which is part of a larger team that is responsible for defining and enforcing the organizations secure application development lifecycle.

Primary Responsibilities:

• Design and implement secure application architectures across various enterprise environments and crossplatform technologies.

• Integrate security into CI/CD pipelines automating security testing and code analysis processes.

• Conduct security architecture reviews of existing and new applications identifying potential vulnerabilities and weaknesses.

• Provide security guidance and best practices to development teams throughout the Software Development Life Cycle (SDLC).

• Perform threat modeling to identify potential attack vectors and prioritize security efforts.

• Define security requirements for applications and APIs ensuring compliance with NIST OWASP and other relevant security standards.

• Review code (in languages like Python Perl JAVA) for security vulnerabilities and provide remediation guidance.

• Configure and utilize application security testing tools (SAST DAST etc.) to automate vulnerability detection.

• Collaborate with infrastructure and operations teams to ensure secure deployment and configuration of applications.

• Develop and maintain secure coding guidelines and best practices for developers.

• Evaluate and recommend new security technologies and tools to enhance application security.

• Stay uptodate with the latest application security threats vulnerabilities and mitigation techniques.

• Mentor and train developers on secure coding practices and application security principles.

• Document security architectures designs and standards.

• Participate in security incident response and provide guidance on applicationrelated security issues.

Basic Qualifications:

• Bachelors Degree in Software Engineering Computer Science Information Systems

• Management Cyber Security or other related discipline or equivalent experience; additional years of experience may be considered in lieu of a degree

• 6 years of prior relevant experience

• Certified Web Application Penetration Tester (CWAPT) or Certified Application Security Specialist (CASS) required

• Previous System Administration Developer and Web services experience in an Enterprise Environment utilizing cross platform technologies

• Demonstrated knowledge of networking and virtualization technology such as OpenStack RHEV etc

• Experience with Continuous Integration/Continuous Deployment (CI/CD) systems in line with configuration management and Secure SDLC best practices

• Experience in information system compliance with government standards and industry best practices including NIST OWASP Common Criteria DISA and SANS Institute

• Documented experience in REST Python Perl JAVA and PowerShell

• Ability to research and learn both independently and as part of a team

• Must have reliable internet access

• Must be a US Citizen to apply

• DOD Top Secret Clearance is required

Preferred Qualifications:

• Masters Degree preferred

• 4 years of prior relevant experience with a Masters degree

• Documented experience is preferred in as many of the following programming languages web services and applicable software stacks as possible: SOAP Apache Struts Websockets Java Message Queue RPC over HTTP WIA (Windows IIS ) C C C# JavaScript Pega Groovy LAMP (Linux Apache MySQL PHP) AMP (Apache MySQL PHP) JOLT (Java Oracle Linux Tomcat) and LAMJ (Linux Apache MySQL JSP Servlets).

• Experience with Cloud Service Providers (CSPs) AWS and Microsoft Azure

• A minimum of 6 years of experience managing and understanding cloud based infrastructures

Original Posting:

For U.S. Positions: While subject to change based on business needs Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job education experience knowledge skills and abilities as well as internal equity alignment with market data applicable bargaining agreement (if any) or other law.