
Lead Application Security Solutions Architect

Date: Oct 17, 2017

Location: San Antonio, TX, US

Company: Tesoro Companies Inc.

Requisition ID: 57581

Summary:

This Lead Application Security Solutions Architect will be responsible for providing strategic direction and subject matter expertise in desktop, web, mobile and cloud application security across the enterprise. Through close collaboration with solution developers, business analysts and managed service providers, the successful candidate will investigate internal needs in order to understand business requirements and produce application security solutions that meet current and future business needs. In addition to having a strong technical background, the successful candidate will be a strategic thinker capable of developing and implementing an effective application security framework for the organization, premised on best practices such as SDLC, OWASP Top 10 and CWE Top 25.

Responsibilities:

  • Develop application security strategy & roadmap, and coordinate execution with internal and external technical partners;
  • Design and develop technical requirements, security solutions and implementation/test plans for cloud, desktop, mobile and web application security;
  • Provide thought leadership and subject matter expertise in Application Security requirements analysis and solutions design;
  • Reduce injection and/or presence of security defects by working with Development and Quality Assurance teams to identify software security weaknesses and provide guidance on secure coding standards and best practices;
  • Provide security design, consultancy, and assessment services while introducing improvements in technical security standards and security implementation designs/patterns;
  • Conduct gap analysis and develop a road map of the evolution of Application Security capabilities from its current to a target state that meets security, agility, usability and compliance requirements;
  • Perform threat modeling and deliver guidance on countermeasures and threat mitigation techniques;
  • Create an application security advisory service; develop, publish and maintain secure coding practices; and produce platform-specific security standards as required;
  • Define metrics that measure effectiveness of application security efforts;
  • Develop testing checklists and methodologies, clearly document and articulate information risks associated with identified software flaws, and provide detailed guidance on remediation;
  • Research, design and oversee implementation of application security technology solutions that meet organizational needs;
  • Identify and tailor application security requirements to solution development projects as required;
  • Maintain oversight of the design, implementation and testing of IAM solutions to ensure appropriate and effective security attributes are embedded from the onset rather than “bolted on” after the fact;
  • Develop reference Application and SaaS Security Architecture and ensure project and solutions delivery to that architecture.

Requirements:

  • Minimum of a bachelor’s degree in engineering or information systems or related field of study required;
  • 10 or more years of experience in a diversified IT or information security role is required;
  • Excellent knowledge of secure software development lifecycle and practices is required;
  • Experience mitigating or advising on mitigation techniques for OWASP Top 10 and SANS/CWE Top 25 security vulnerabilities required;
  • Broad understanding of information security tenets and security architecture principles is required;
  • Experience developing strategies and roadmaps in line with best practices and proven frameworks is required;
  • Experience using static, dynamic and interactive application security testing tools is required;
  • Ability to thoroughly review technical design components to ensure alignment with security policies, standards and best practices is required;
  • Strong knowledge and understanding of current and emerging cyber security threats, vulnerabilities, trends and mitigations ranging across the technologies required to provide layered defense is required;
  • Must be able to represent the cyber security viewpoint through excellent communication skills to both technical and non-technical audiences;
  • CISSP-CSSLP Certification preferred;
  • SANS GWAPT/GWEB certification is a plus;
  • Experience working with SAP and web applications preferred;
  • 5 or more years of security design and architecture is preferred;
  • Demonstrated ability to identify application security requirements and validate implementation of specified requirements into a robust architecture that sufficiently protects valuable digital resources is preferred.

See What It's Like At Tesoro:

https://www.youtube.com/watch?v=u7wKDGXTr4I&t=47s

Tesoro Corporation, a Fortune 100 company, is a leading independent refiner and marketer of petroleum products with a strategically focused presence in the western United States. Tesoro, through our subsidiaries, owns and operates seven refineries with a combined capacity of over 895,000 barrels per day. Our retail-marketing system includes over 2,400 retail stations under the ARCO®, Shell®, Exxon®, Mobil®, USA Gasoline™, Rebel™ and Tesoro® brands. Our full-service logistics business, a master limited partnership formed by Tesoro Corporation as Tesoro Logistics LP (TLLP), owns and operates 4,000 miles of crude oil, refined products and natural gas pipelines; 29 crude oil and refined products truck and marine terminals; 15 million barrels of storage capacity; two crude oil rail facilities; and four natural gas processing complexes. Headquartered in San Antonio, Texas, our operations span 18 states.

Our strength lies in our investment in employees and in their future. We measure success not only by the products we bring to our customers, or the financial results we deliver to our shareholders, but also by remaining true to our core values of safety and environmental stewardship, respect and integrity.

Discover your strengths and invest in your future by applying today.

Employees must be able to perform the essential functions of the job with or without reasonable accommodation.

Equal Opportunity Employer: Vet / Disability

Nearest Major Market: San Antonio

Job Segment: Solution Architect, Architecture, Engineer, ERP, Technology, Security, Engineering