Application Security Architect / for a Tech & Data / Financial Services Sector Industry > Joboolo FR :
Société : Entreprise Confidentielle Lieu : France
ApplicationSecurityArchitect / for the Group Tech & Data - FinancialServicesSectorIndustry Short Summary The Tech & Data department provides products, services, and support to all Group worldwide.
Its 2 key challenges today are to successfully implement its new Target Operating Model (TOM), to be supported by an ambitious pluri-annual internalization plan to deliver innovative products and services to its clients.
The Tech & Data organization is an Agile matricial organization relying on 4 pillars:
· Data and System Engineering, made of the following teams :
Data Center of Excellence, Products and Systems Engineering and Enterprise Architecture · Management & Control (M&C) & Corporate Systems, made of teams supporting Crews and Transversal Functional Domains:
Governance, T&D Operating Model Implementation, Security & Compliance, Financial Control, Sourcing & Vendor Management, Governance, and Processes · Technical, made of teams dedicated to IT Operations, Network, Cloud, Workplace & Cloud Productivity Services · Crews and Transversal Functional Domains Crews are supported by Chapters (System Engineering, Architecture, DevOps, ..
.
) and both Technical and M&C-C teams are fully dedicated to the delivery of Company products, services and support.
An ApplicationSecurityArchitect is responsible for designing and implementing secure software solutions for an organization.
They work closely with development teams to ensure that applications are built with security in mind from the ground up.
This includes conducting security assessments, defining security requirements, and implementing secure coding practices.
The ApplicationSecurityArchitect also keeps up-to-date with the latest threats and vulnerabilities and applies this knowledge to ensure that the organization's applications remain secure over time.
Ultimately, the role of the ApplicationSecurityArchitect is to help the organization develop and maintain secure applications that protect the confidentiality, integrity, and availability of sensitive information.
Job Summary Develop and maintain securityarchitecture standards (Cloud infrastructures and APIs) and promote their adoption within IT functional teams.
Participate in the review and definition of life cycle of Software Development or SaaS Integration, in alignment with Comapny IT Internal Control and Security state of the art's best practices based on OWASP standards (i.e., Software Assurance Maturity Model (SAMM), ApplicationSecurity Verification Standard (ASVS), Top 10 proactive controls, Web Security Testing Guide (STG), Cheat Sheet Series, ..
.
).
Define and maintain standard operational security standards Promote and drive adoption of network security practices across the enterprise Develop metrics and dashboards of the current state of the program, incidents, and overall operational effectiveness Define and maintain standard security configurations of technical solutions ensuring availability, integrity, data protection and privacy of Business applications.
Review current system security measures on Business applications and recommend enhancements according to new established security standards.
Support IT teams to implement remediation of security findings raised into security audits of Business applications.
Key duties and responsibilities Develop and maintain securityarchitecture standards (Cloud infrastructures and APIs) and promote their adoption within IT functional teams.
Support the operational security excellence manager in the definition and continuous improvement of standard security configurations of technical solutions ensuring availability, integrity, data protection and privacy of Business applications.
Establish Security view on all key Business applications and provide security recommendations enhancements according to new established security standards.
Support IT Functional teams to implement remediation of security findings raised into security audits.
Required experience & competencies Master degree in Computer Science or related field required Must adhere our Key Security Principles and Team Values:
Security Principles:
Defend the business, Support the business and promote responsible information security behavior.
Team values:
Professionalism, Ethic, Transparency and Team Spirit.
English :
fluent Hard skills Five years of Software development experience with strong security constraints.
· Knowledge of Hybrid installations of SCCM, IAM, MDM · Knowledge of clouds than MS is a plus · Windows Defender ATP, Windows Defender cloud App security, and Windows Defender for Identity is a plus · In depth knowledge of Windows Services (DNS, Print, Fileserver, DHCP, Group Policies) · PowerShell / or other scripting languages (Azure API and other scripts) · Experience with modern authentication mechanisms · Experience in networking/protocols/proxy/security devices · Strong Security Software development knowledge/experience · Good background on Project Management within IT functional teams · Good Information Security and Risk assessment skills · Good Cross platform and technology knowledge · Good Knowledge of information security-related technologies and products Permanent contract & Full time Location :
Paris 2 days offsite (télétravail) EntrepriseConfidentielle France Expérience souhaitée
