Application Security Architect
Momentive Software
Job Description
The application security architect is responsible for validating that application services are designed and implemented with high security standards. The role is focused significantly on application program interfaces (APIs), and the architect spends a large percentage of time developing and supporting security controls for API services. Additionally, the architect establishes an application security vision with sustainable standards and processes. An influential member of the team, the architect is a primary liaison with the security, engineering and technology teams.
The architect creates and evolves an API security strategy to support the business at scale. The role is responsible for designing a secure framework with a repeatable, flexible process, and the architect must be able to receive, assess and integrate input from technical and business units to ensure that what is designed meets business and technical needs. The position is responsible for the security of applications supporting business-to-business, third-party relationships, outsourced solutions and vendors. The role requires rigor in authentication and authorization, as well as data validation and secure data transmission, all validated with logging and auditable events. The architect must be comfortable supporting integration with both internally developed and externally supported applications and services. Considered a highly knowledgeable individual, the architect is expected to recommend programmatic controls, and monitor and manage secure development processes that address modern day issues.
Essential Job Duties
o Influence secure API development standards and implementations across multiple platforms.
o Adopt security standards for the API lifecycle and disseminate them across development and security teams.
o Enforce rigorous security controls with internal and external constituents, and follow through for verification and consistency.
o Document and provide ongoing maintenance of materials to eliminate discrepancies in development and security best practices.
o Focus on automation to aid in efficiencies with both testing and production.
o Develop authentication and authorization security requirements to adhere to credential storage, privilege management and authenticity standards; support role- and attribute-based access control.
o Work in tandem with developers to provide repetitive validation testing prior to production that allows for a continuous cycle of development followed by application security assessments.
o Regularly monitor the security community for public-facing security issues as well as to learn new tactics for securing data transmissions and reducing attack exposure.
o Attend and participate in application projects and change management committee meetings. This includes interacting with business units and technical teams to understand what is coming and how projects can be more secure from the beginning.
o Leverage security standards and implementation configurations, as well as common security frameworks.
o Document secure delivery and implementation advancements that meet defined service-level agreements (SLAs) and business metrics.
o Align with architects and development teams for a mission of secure design and data integrity preservation among users, apps and infrastructure.
o Mentor less experienced members of the team to help build a strong culture and improve security efficacy.
o Actively participate in and lead security team meetings that facilitate secure design.
o Perform testing and validation to identify any vulnerabilities that inject or intercept data in APIs.
o Understand and leverage encoding and tokenization processes.
o Be highly engaged in information security projects that evaluate existing security infrastructure and proposed changes as defined by security leadership and architects; deliver projects on time, within budget and in accordance with SLAs.
o Focus on application security that complies with the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI), General Data Protection Regulation (GDPR), Sarbanes-Oxley (SOX) and other applicable regulatory or industry standard requirements and privacy laws.
o Develop security test plans from architectural designs, identify deficiencies and make enhancements to ensure production is not impacted.
o Perform other duties as assigned.
Skills and Experience
o Total experience of 10 to 15 years, with at least 10+ years’ experience in cybersecurity preferred, including compliance and risk management with system and application security engineering.
o Highly technical and analytical with a proven deep background in application programming (5+ years above and beyond cybersecurity experience preferred).
o Established experience with Agile and software development lifecycle (SDLC) practices.
o Experienced with REST and SOAP development and security controls.
o Additional experience with JSON, JWT, XML, jQuery and JavaScript.
o Knowledge of security fundamentals for software-as-a-service (SaaS) application integrations.
o Skillful in single sign-on (SSO), OAuth 2.0, OpenID Connect and SAML.
o Proven excellence in communicating business risk from cybersecurity topics.
o Active involvement with practices emerging from OWASP, NIST and SANS, among others.
o Proficient in software development (Java, Python, C++, Ruby, etc.).
o Solid understanding of network and web protocols.
o Experienced with securing intra-company and third-party APIs.
o Experienced working with API gateways such as CA API Gateway, MuleSoft and IBM API Connect.
o Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating thoroughly.
Additional Qualifications
o Experience with cryptography controls and measures to secure applications and data.
o Knowledge of API tools such as Swagger, Apigee, vREST and API Fortress.
o Understanding of cloud API resources from Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP).
o Experience working with one or more databases, including Oracle, MySQL, MongoDB and SQL Server.
o DevOps background in public and private clouds.
o Experience with one or more of the following: ISO 27001, NIST, PCI, HIPAA/HITECH, SOX, GDPR, CIS or SOC2.
o Expected working knowledge of Windows, Linux and Unix.
o Familiarity with state privacy laws.
o Highly trustworthy; leads by example.
Education Requirements
o Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent.
Certification Requirements
o SANS certifications (GWEB) and others, CISSP, CCSP and/or CSSLP, OSCP (and related).
About Us
Momentive Software amplifies the impact of over 20,000 purpose-driven organizations in over 30 countries, with over $11 billion raised and 55 million members served to date. Mission-driven nonprofits and associations rely on Momentive’s cloud-based software and services to address their most pressing challenges – from engaging their communities to simplifying operations and growing revenue. Designed to help organizations connect more, manage more, and ultimately expect more, Momentive's solutions are built with reliability at the core and strategically focus on fundraising, learning, events, careers, volunteering, accounting, and association management. Momentive partners with organizations that believe "good enough" is never enough – so they can bring on better outcomes for everyone they serve. Learn more at momentivesoftware.com.
Why Work Here?
At Momentive Software, we’re a team of passionate problem-solvers, innovators, and volunteers who believe in using technology to make a real difference. We dream big, support each other, and take pride in creating solutions that help our customers drive meaningful change. If you’re looking for a place where your work matters and your ideas are valued, you’ll find it here.
Planned Paid Time Off - Earned Leave and Casual Leave in Each Calendar Year
Company Holidays as Per Policy
Employer-Paid Parental Leave
Purpose-Driven Culture
Work-Life Balance
Passionate About Community Involvement
Group Mediclaim Policy
Group Accident Policy
Group Term Life Policy
Gratuity as Per Payment of Gratuity Act
Momentive Software actively embraces diversity and equal opportunity in a meaningful way. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be, which is why we do not discriminate based on race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.
All persons hired will be required to verify identity, minimum age of 18, eligibility to work in India (without sponsorship), and to complete the required employment eligibility verification form upon hire.