Software Architect (Cybersecurity)

South Florida Tech Hub

Software Engineering, IT
Remote
Posted on Friday, February 9, 2024

We are seeking a highly skilled SOFTWARE SECURITY ARCHITECT who will be responsible for measures to improve and ensure the security of web applications, code, and related components in our company’s cloud products. The ideal candidate will have a strong understanding of the software development lifecycle and software security.

POSITION SUMMARY:

The Software Architect (Cybersecurity):

is responsible for measures to improve and ensure the security of web applications, code, and related components in DSS Health Cloud products (including those for third-party vendors).
is tactical in nature and requires direct software development experience to better understand the nature of code constructs and how a software security concept is transformed into production-level code.
works with the team and Infrastructure members to provide guidance and requirements for secure development standards and training, security testing tools focused on the application layer, threat modeling, penetration testing and vulnerability disclosure programs; but it is the responsibility of the incumbent to translate these requirements into code implementation.
works in collaboration with the Security Software Engineering resources teams within the Research and Development department to formulate tactical code implementation plans so that the Product Owners can better prioritize software features.

DUTIES AND RESPONSIBILITIES:

Assist with the development and execution of the product & application security architecture and program strategy.
Align and periodically communicate metrics with the Product Ownership teams around the effectiveness of the application security program.
Review source code, 3rd party components, software/system designs and consult with stakeholders across the organization to identify and/or avoid security issues through alignment with security standards and best practices.
Leverage the accumulated subject matter expertise of DSS’ applications, systems, and code to propose and drive architectural improvements which address classes of security flaws in the FedRAMP ecosystem and other projects such as SOC2 and HiTrust.
Document and improve secure development lifecycle processes, standards and guidelines while making improvements to the corporate Development Standards maintained by the Research and Development Department.
Deliver training and provide mentoring to software developers on security topics.
Facilitate threat modeling exercises to ensure optimized security design decisions are being made.
Document remediation recommendations and collaborate with developers to ensure vulnerability findings are successfully and efficiently addressed.
Participate in requirements definition and perform initial risk analysis to define a minimum standard of security for each application.
Work with project teams to prioritize security milestones.
Assist in the enforcement of corporate-wide information security policies, guidelines, and best practices.
Align the overall security governance with IT architecture governance and project and portfolio management (PMO).
Evaluate, develop, and implement secure solutions, based on approved enterprise security architectures.
Ensure changes do not create or introduce security gaps.
Other Duties:

All other duties as assigned by management.
Travel as needed for position and in support of company efforts, up to 25% of the year.
The preceding functions are examples of the work performed by employees assigned to this job classification. Management reserves the right to add, modify, change or rescind work assignments and make reasonable accommodation as needed.

QUALIFICATIONS:

Required:

10 + years of relevant work experience as a software developer or engineer.
2+ years’ work experience as an information security officer.
3+ years’ experience with assessing/securing large, complex SaaS applications.
1+ years’ experience with FedRAMP and/or SOC 2 knowledge.
2+ years of experience as a people manager.
Experience as a senior/staff/lead security engineer in product and application security.
Experience leading security projects and initiatives that require collaboration with teams across an organization.
Sound understanding of application security vulnerabilities (e.g., OWASP Top 10), defense techniques and security best practices, including language-specific security practices and present-day threats.
Experience with modern application development languages and frameworks (e.g., .NET, Node.js, Java, Python, React, Angular).
Use of agile methodologies for project management.
Manual web application penetration testing experience, including the use of professional penetration testing tools.
Strong familiarity with AWS, Docker, Kubernetes, Linux and similar infrastructure/technologies.
Desired:

Mature organization and time management skills.
Project management expertise.
Strong interpersonal and communication skills
Education:

Required:

Bachelor’s degree or equivalent experience.
Desired:

Master’s degree, MBA.
Certifications:

Required:

One or more relevant security certifications (CSSLP, CISSP, CISM, CEPT, CMWAPT, CPT, CEH, LPT, GWAPT, GPEN, GXPN, OSCP).
Desired:

Any relevant certifications to position or department
Experience:

Required:

10 + years of relevant work experience as a software developer or engineer.
2+ years’ work experience as an information security officer.
3+ years’ experience with assessing/securing large, complex SaaS applications.
1+ years’ experience with FedRAMP and/or SOC 2 knowledge.
2 + years of experience as a people manager.
Desired:

Any additional relevant experience to the position or department

PHYSICAL DEMANDS:

Operate computer and other office equipment including phones, faxes, instant messaging, email, webcasts: up to 90% of time.
Perceive computer form layout: up to 90% of time.
Work in a stationary position, sitting: up to 90% of time.
Move about office, standing, walking: up to 5% of time.
Transport unassisted up to 20 lbs. equipment/supplies, lifting, stooping, bending: up to 10 times per day.
Communications, oral, written and visual: up to 90% of time.
Other: travel by common carrier up to 25% per year.

Lift and carry up to 50 lbs. unassisted while traveling.

This role can be Remote which would allow most work to be performed at home; however, the Employer is a Federal Contractor and subject to federal vaccination mandate. Employees must be fully vaccinated to come onto any of DSS, Inc’s sites or Client sites.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

If you need an accommodation seeking employment with DSS, Inc., please email jobs@dssinc.com or call (561) 284-7373. Accommodations are made on a case-by-case basis.