• Work closely with the Manager of Application Security and the Cloud Security Architect to build a holistic view of the overall security posture for the firm.
• Assist in the creation, endorsement, and utilization of technical best practice security architecture.
• Support the Cloud Security Architect and Manager of Application Security by assisting in the creation and implementation of best practice documents, security architecture drawings.
• Provide both level 3 and 4 support.
• Participate and occasionally lead technical projects that span across all IT teams.

Business Solutions

• Support the Manager of Application Security, Cloud Security Architect, Business Analysts, and Technical Leads on strategic IT projects.
• Review project documentation and research security policy.
• Render recommendations and guidance, approve or reject project artifacts from a security perspective.
• Interface with IT peers, IT Leadership, and Business Relationship Managers to understand, design, and improve cybersecurity.
• Communicate effectively to target audiences across both the business and technical stakeholders.
• Assist project managers in the creation and documentation of project requirements while ensuring secure design principles are met.
• Work with CLA technical teams to forecast and roadmap technologies, developing strategic plans from which security standards can be established and enforced.
• Assess requirements and translate them into secure system guidelines and high-level technical requirements.

Technical Team Initiatives

• Guide and counsel technical teams, with guidance from the Manager of Application Security and Cloud Security Architect, in performing implementation activities, and review implementation outcomes.
• Have involvement in the Firm’s Software Development Life Cycle (SDLC) process to ensure applications and services are secure by design.
• Validate controls for Encryption, Access Control, Web Application Vulnerability Detection, OWASP top 10 and other common web application security parameters.
• Provide peer review of technology initiatives.
• Create documentation around security initiatives as required.
• Provide small scale project management services, including the facilitation of web application penetration tests with outside vendors.
• Facilitate developer security champion program with support from Cloud Security Architect and Manager of Application Security.

Required Qualifications:

• 4 years of general IT experience required, 2 of which are with security of IT systems and security design/strategy.
• 3 years of modern application development experience required, including exposure and familiarity with CI/CD practices, and versioning methodologies leveraging Git fundamentals (ADO, GitHub).
• Bachelor's degree is required. Combination of relevant experience, education, and training may be accepted in lieu of degree.

Preferred Qualifications:

• 2 years' experience preferred in secure coding tools, including SAST/SCA/DAST

• Equal Opportunity Employer /AA Employer/Minorities/Women/Protected Veterans/Individuals with Disabilities.

Click here to learn about your hiring rights.

#LI-JH1