• Supporting role to the Manager of Application Security, Cloud Security Architect, Business Analysts, and Technical Leads on strategic IT projects.
• Reviews project documentation, research and references security policy, renders recommendations and guidance, approves or rejects project artifacts from a security perspective, and performs other tasks in the pursuit of securing systems, processes, and software applications.
• Interface with IT peers, IT Leadership and Business Relationship Managers to understand, design, and improve cybersecurity, as it relates to IT security and various CLA Service Lines.
• Communicate effectively to target audiences across both the business and technical stakeholders to ensure consistent messaging. Guide project managers in the creation and documentation of project requirements while ensuring the secure design principles are met.
• Work with the CLA technical teams to forecast and roadmap technologies, developing strategic plans from which security standards can be established and enforced. Assess requirements and translate them into secure system guidelines and high-level technical requirements.
• Guide and counsel technical teams, with guidance from the Manager of Application Security and Cloud Security Architect, in performing implementation activities, and review implementation outcomes, to ensure secure design compliance.
• Drive policies and procedures through involvement in the Firm's Software Development Life Cycle (SDLC) process and ensure all applications and services are built and sustained with security and compliance by design. Validate controls for Encryption, Access Control, Web Application Vulnerability Detection, OWASP top 10 and other common web application security parameters.
• Provides peer review of technology initiatives. Creates documentation around security initiatives as required. Provides smallest project management services, including the facilitation of web application penetration tests with outside vendors. Facilitates developer security champion program with support from Cloud Security Architect and Manager of Application Security.

Required Qualifications:

• 7 years of general IT experience required, 4 of which are with security of IT systems, and 2 of which are with security design/strategy.
• 3 years of modern application development experience required, including exposure and familiarity with CI/CD practices, and versioning methodologies leveraging Git fundamentals (ADO, GitHub).
• Bachelor's degree is required. Combination of relevant experience, education, and training may be accepted in lieu of degree.

Preferred Qualifications:

• 4 years' experience preferred in secure coding tools, including SAST/SCA/DAST.

• Our Perks:
• Flexible PTO (designed to offer flexible time away for you!)
• Up to 12 weeks paid parental leave
• Paid Volunteer Time Off
• Mental health coverage
• Quarterly Wellness stipend
• Fertility benefits
• Equal Opportunity Employer:
• Equal Opportunity Employer /AA Employer/Minorities/Women/Protected Veterans/Individuals with Disabilities.
• Click here to learn about your hiring rights.
• Wellness at CLA:
• To support our CLA family members, we focus on their physical, financial, social, and emotional well-being and offer comprehensive benefit options that include health, dental, vision, 401k and much more.
• To view a complete list of benefits click here.