The Application Security Architect will ensure the security and integrity of applications across the company’s global semiconductor manufacturing operations. Reporting to the Global Head of Security Architecture, this role involves reviewing, planning, designing, and implementing security measures for software applications to support the company’s digital transformation and operational initiatives. The Application Security Architect will work collaboratively with development, operations, and security teams to identify and mitigate risks, ensuring applications remain resilient against evolving threats.
Job Description
1. Application Security Strategy:
- Develop and maintain a comprehensive application security strategy aligned with business objectives and regulatory requirements.
- Define security standards, policies, and best practices for application development and deployment.
- Ensure application security is integrated throughout the software development lifecycle (SDLC).
2. Secure Design and Architecture:
- Design secure application architectures for web, mobile, and cloud-based platforms.
- Evaluate and recommend security tools for code review, vulnerability scanning, and application testing.
- Ensure robust access control, authentication, and encryption mechanisms are in place for applications.
3. Risk Assessment and Mitigation:
- Perform security assessments of applications, identifying vulnerabilities and recommending mitigations.
- Develop threat models and conduct application penetration testing to uncover potential risks.
- Work with development teams to remediate vulnerabilities in code and design.
4. Collaboration and Integration:
- Partner with software engineering and DevOps teams to embed security into CI/CD pipelines.
- Provide technical leadership and guidance on secure development practices.
- Collaborate with stakeholders to ensure application security aligns with overall enterprise security goals.
5. Compliance and Governance:
- Ensure applications comply with industry standards, regulatory requirements, and internal policies.
- Contribute to the creation and maintenance of application security documentation and training materials.
- Stay updated on emerging security regulations and their impact on application development.
6. Education and Awareness:
- Conduct training and awareness sessions for developers and engineers on secure coding practices.
- Advocate for a security-first mindset within development teams.
- Monitor and respond to emerging application security threats and vulnerabilities.
Education:
A Bachelor’s degree in Computer Science, Cybersecurity, or a related field. A Master’s degree in Cybersecurity, Software Engineering, or a related discipline is preferred.
Technical Skills:
- Strong knowledge of application security frameworks and standards, such as OWASP, NIST, and CIS.
- Experience with static and dynamic application security testing tools (e.g., SAST, DAST).
- Proficiency in programming and scripting languages such as Java, Python, C#, JavaScript, or Ruby.
- Familiarity with secure software development practices, including secure coding, threat modeling, and code reviews.
- Hands-on experience with CI/CD pipelines, DevSecOps tools, and practices.
- Knowledge of cloud security principles and experience with platforms like AWS, Azure, or Google Cloud.
Professional Experience:
- Minimum of 8 years of experience in application security, with 3+ years in a senior or architectural role.
- Experience designing and implementing application security for large, enterprise-scale environments.
- Background in secure software development lifecycle (SDLC) implementation.
- Track record of managing security in a global, enterprise-scale environment, preferably in the semiconductor or manufacturing industry.
Soft Skills:
- Strong analytical and problem-solving abilities.
- Excellent communication and interpersonal skills for interacting with technical and non-technical stakeholders.
- Ability to manage multiple projects and priorities in a fast-paced environment.
Certifications (Preferred):
- Certified Information Systems Security Professional (CISSP)
- Certified Secure Software Lifecycle Professional (CSSLP)
- GIAC Web Application Penetration Tester (GWAPT)
- Cloud-specific certifications, such as AWS Certified Security Specialty