Application Security Architect (Remote) Draper, Utah
The Application Security Architect (Remote) will be responsible for leading Progressive Leasing’s web and mobile application security program. The role focuses on the people, processes and tools needed to support a Secure SDLC for Progressive Leasing’s fast-paced application development environment and technology operations. The role requires a grasp of application security principles and practices and a background working in an application development and coding environment within a business.
This role can be worked remotely anywhere in the US, or out of either of our 2 office locations in Draper, UT and Glendale, AZ.
- Build a very close working relationship with DevOps, application development and QA teams.
- Provide strong leadership and cross-functional / stakeholder communications
- Maintain documentation related to the Application Security program including the development of secure coding policies, procedures and standards, modification of the Software Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.
- Implement and manage training programs to train developers on secure code development practices.
- Identify application security requirements early on and incorporate them into secure code development practices.
- Plan, coordinate, and lead teams in the design, integration, development, validation and implementation of specific security policies, systems and services.
- Evaluate new security trends and technologies.
- Lead the assessment and acquisition of application security tools and technologies.
- Participate as a subject matter expert in the incident response program.
- Attend design and application architectural reviews and actively lead discussions from a security standpoint.
- Minimum of 3+ years in the following security functional areas: application security, authentication and authorization, identity and access management, dynamic application security testing, static application security testing, middleware security, data security, security monitoring or SSO/2FA security, vulnerability management.
- Expertise in mitigating and addressing technology or application threat vectors
- Expertise in building a defense in depth infrastructure security architecture that includes security controls across multiple technology stacks
- Experience with Web Application Firewalls, Runtime Application Self-Protection (RASP), Reverse Proxies, and security assessment tools/methodology (network, systems, and application)
- Solid knowledge and understanding of securing all major web server environments and cloud platforms based on OWASP top ten recommendations
- Demonstrated knowledge of regulatory and statutory compliance requirements across industries
- An Information Security and/or Web application security certification; e.g., SANS GWEB or GWAPT, CSSLP.
- Familiarity with dynamic web application vulnerability scanning tools and services.
- Familiarity with static code analysis tools and services.
- Familiarity with high level programming languages.
- BA/BS combined with 5+ years of overall information security experience and 3+ years of Program Management experience.
- Strong program development, program management and leadership skills including experience in developing, documenting and establishing application security programs and best practices.
- Deep application development / software development experience, understanding of security protocols and APIs.
- Understanding of application threat modeling and SDLC security practices.
- Curious, inquisitive, lifelong learner and self-starter.
- Strong documentation skills in writing application security policies, procedures and standards.
- Experience with agile software development methods using SCRUM preferred.
- Clear on responsibilities yet flexible and willing to “carry water” during times of ambiguity.
- Able to effectively give, receive, and respond to feedback.
WHAT WE OFFER
- Competitive Compensation; Eligible for STI
- Full Health Benefits; Medical/Dental/Vision/Life Insurance + Paid Parental Leave
- Company Matched 401k
- Paid Time Off + Paid Holidays + Paid Volunteer Hours
- Diversity Alliance Resource Groups
- Employee Stock Purchase Program
- Tuition Reimbursement
- Charitable Gift Matching
- Job required equipment and services
WHO WE ARE
Progressive Leasing (NYSE: PRG) is the largest and longest-tenured virtual lease-to-own provider in the United States. The Company’s mission is to provide simple and affordable purchase options for credit challenged consumers. Over the last 20+ years, Progressive Leasing’s alternative lease-purchase options have helped millions of customers with less than perfect credit acquire needed items with ease. Progressive partners with 30,000 retail stores, helping to drive increased revenue and improve customer satisfaction. Learn more at ProgLeasing.com.
Progressive Leasing welcomes and encourages diversity in the workplace. We do not discriminate in any aspect of employment on the basis of race, color, religion, national origin, ancestry, gender, sexual orientation, gender identity and/or expression, age, veteran status, disability, or any other characteristic protected by federal, state, or local employment discrimination laws where Progressive Leasing does business.