APPLICATION SECURITY ARCHITECT SKILLS, EXPERIENCE, AND JOB REQUIREMENTS

Updated: July 29, 2024 - The Application Security Architect is proficient in current and emerging security technologies and methodologies and excels in threat analysis and secure software development, integrating frameworks like OWASP and utilizing tools such as SAST and DAST. They possess expertise in securing container-centric deployments, integrating security into CI/CD pipelines, and implementing quantitative risk methodologies, all while demonstrating strong communication and analytical skills.

Summary of Application Security Architect Knowledge and Qualifications on Resume

1. BA in Cybersecurity with 4 years of experience

  • Strong team player who collaborates well with others to solve problems and actively incorporates input from various sources.
  • Certification in one or more of the following: CISSP (Certified Information Systems Security Professional), CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional).
  • Highly motivated team player, with a can-do attitude and the ability to get things done.
  • Aptitude for solving problems and acting on own initiative
  • Strong organizational skills, with the ability to manage tasks, time and resources, establishing courses of action in order to achieve defined business objectives.
  • Creativity and decision-making skills for problem-solving and idea generation. Ability to understand and solve complex issues with clear, balanced and implementable solutions.
  • Capacity to quickly learn new skills and adapt to new environments
  • Ability to present complex solutions and methods to a general community.
  • Must be reliable and have outstanding work ethics.
  • Excellent written and verbal communication and organizational skills.
  • Experience with working on global teams across time zones, cultures and languages.

2. BA in Information Assurance with 3 years of experience

  • Proficient in securing cloud infrastructure and cloud applications.
  • Proficient in development and application security.
  • Good to have certifications such as CRISC, GSEC, CISA, CISM or CISSP.
  • Have experience coding in Java, Python, or Go and one scripting language.
  • Have good knowledge of web, mobile, API, Microservices, network and security architectures and design patterns.
  • Have good knowledge of AWS, Azure, GCP and OCI native security tools.  
  • Subject matter expert in application security concepts, best practices and methods
  • Have good knowledge of security best practices, principles, and common security frameworks, such as NIST, ISO, Common Criteria, TCSEC, OWASP, etc.
  • Hands-on experience with data architecture, modeling and integration.  
  • Knowledge of security by design principles and architecture-level security concepts.

3. BA in Cryptography with 3 years of experience

  • Have good knowledge of current and emerging security technologies, threats and techniques for exploiting security vulnerabilities.
  • Proficient with methodologies and tools for threat analysis of complex systems, such as threat modelling and software fuzzing.
  • Have good knowledge of developer tools and environments, project management and bug tracking systems.
  • Proficient in building secure software based on frameworks such as OWASP, CWE, SANS, OpenSAMM, BSIMM.
  • Proficient in application security tools and techniques like SAST, SCA, DAST, penetration testing, fuzzing, etc.
  • Proficient in securing container-centric deployments using Docker and Kubernetes.
  • Proficient in implementing and integrating security tools into CI/CD.
  • Practiced process improvement, automation release management, and system development life cycle (Waterfall and Agile).
  • Practiced with Data Security and Governance.
  • Practiced implementing quantitative risk methodologies.  
  • Have very good communication, presentation and analytical skills.

4. BA in Computer Science with 1 year of experience

  • Experience in Cyber Security practices.
  • Security architecture knowledge and experience
  • Experience managing small to medium-sized teams
  • Experience with Amazon Web Services, Google Compute Cloud and Microsoft Azure
  • Understanding of the OWASP Top 10 application security risks and how to address them
  • Experience with Application Security testing (Dynamic and static testing), and vulnerability testing practices in CI/CD pipelines
  • Experience with Security Architecture and Threat Modeling
  • Familiarity with security industry standards (ISO 17799, NIST 800 series, etc.) and best practices
  • CISSP, CCNP, MCSE, MCITP-EA, CEH, CCSA certification preferred
  • Security Standards and concepts, Native Mobile App security
  • Identity and Access Management Systems (MFA, SSO, Reverse Proxies, PAM)
  • API Security, Container Security, OSSG, SAFe Agile framework
  • Web Application Firewalls / Run-Time Application Firewalls

5. BS in Computer Science with 2 years of experience

  • Have certifications in information security, application security, and/or cloud security
  • Amazon Web Services including IAM, GuardDuty, Macie, S3, CloudTrail, and CloudWatch
  • Writing security scripts that leverage cloud platform command line tools
  • Securing container-centric deployments using Docker and Kubernetes
  • Securing web, mobile, API, and microservices design patterns and architectures
  • OWASP Top Ten, CWE, OpenSAMM, BSIMM, etc.
  • Application penetration testing and static code analysis tools
  • Multiple programming languages and the ability to learn new ones
  • Regulatory regimes like PCI, GDPR, HIPAA, CCPA, etc.