Application Security Architect

Overview:

About Xerox Holdings Corporation For more than 100 years, Xerox has continually redefined the workplace experience. XIT Staffing, a division of Xerox dedicated to staffing solutions, is committed to collaborating closely with our internal clients to fulfill their staffing needs.

This is a 6 month contract with the possibility to extend.

Responsibilities:

• Work independently with application developers, system/network administrators, product owners, and other colleagues to ensure secure design, development, and implementation of applications and networks.
• Perform security architecture design reviews of the developed applications.
• Perform code analysis of large applications, manually and using static application security testing (SAST) and dynamic application security testing (DAST) scanning solutions as well as conducting manual vulnerability analysis.
• Provide remediation guidance and recommendations to developers and administrators.
• Work with Application Development teams to help prioritize and validate urgency of mitigation of identified product vulnerabilities and security feature enhancement requests.
• Create security best practices and standards and ensure Application Development teams understand them and receive pertinent annual secure coding training.

Qualifications:

• 10+ years of demonstrated industry experience with application development, leadership and application security work.
• Proficiency in reading, writing, and auditing Python, Javascript, Angular, PL/SQL, Oracle Apex low-code and the ability to pick up new languages/technologies.
• Authoritative knowledge of OWASP.
• Strong familiarity with common vulnerabilities and attack vectors.
• Knowledge of web service technologies, load balancer services (i.e.Cloudflare, F5, etc.) and RESTful APIs.
• Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OAUTH, SAML, LDAP, etc.).
• Solid understanding of secure network and system design in both cloud (AWS) and conventional environments.
• The ability to communicate complicated technical issues and the risks they pose to developers, network engineers, system administrators, and management.