Application Security Architect

Posted Jun 11

Collective[i] is a leading research organization at the forefront of artificial intelligence development. We are on a mission to help our clients and community be more prosperous. Collective[i]’s first enterprise application is designed to enable revenue-facing organizations (e.g., sales, client success, and marketing) to transform and adapt to modern buying.

The Application Security Architect is a key role within our organization, responsible for designing and implementing robust application security frameworks and strategies. This role requires a deep understanding of application security principles, emerging threats, and industry best practices. The Application Security Architect will collaborate with cross-functional teams to ensure the secure development, deployment, and maintenance of our applications. They will play a crucial role in safeguarding our organization's sensitive data, protecting against security vulnerabilities, and promoting a culture of security awareness and compliance. We are looking for candidates who are passionate about information security and specifically application security; who are not afraid of writing code; who understand the words “IDE,” “Runtime environment,” and “Compiler”; and who can build and maintain relationships with engineering leaders, answer security-related questions for clients and drive security initiatives across the company.

Responsibilities:

  • Information security, and specifically application security, is your passion. You are not afraid of writing code, and “IDE,” “Runtime environment,” and “Compiler” are not strange words for you. You stay aware of the latest security threats, analyze the impact of those security threats, and propose solutions to address emerging risks.
  • You are a people person who can build and maintain relationships with engineering leaders, provide ongoing support, answer security-related questions and drive security initiatives.
  • Be a product security champion by driving security architecture and design/implementation/optimization for web and API-based cloud products.
  • Engage in the initial requirements definition (including analysis of threats and risks and alignment with security, engineering, IT and architecture standards) and validation. Conduct architecture reviews, design reviews and code reviews. Create threat models for new and existing applications.
  • Consult with development and operations teams to provide guidance and recommend secure design patterns and secure development lifecycle methodologies
  • Perform security assessments on new and existing products and cloud-based services to identify security risks and establish baseline security requirements
  • Establish and drive security standards across the engineering and product organizations to improve the security and resiliency of software and systems architecture
  • Own the SSDLC process from start to finish.
  • Build a robust process to implement SSDLC into the development process, including template creation, education, and hands-on support.
  • You demonstrate excellent judgement in prioritizing security efforts to mitigate the appropriate risks.
  • Act as technical spokesperson for application security initiatives among engineering leadership
  • Automate security tools and processes, ensuring innovation and advancement strategies that keep pace in the areas of access control, security-in-depth, secure coding practices for web applications and APIs. Implement, own and maintain tools for application security testing and processes (e.g., SAST, IAST, etc.)
  • Advocate for and lead complex security projects from inception through completion, working closely with engineering, product, and program management
  • Present security risks to engineering and product leadership and influence product strategy and direction
  • Be a force multiplier by mentoring other members of the team.
  • Help the Security team in promoting a cybersecurity culture.
  • Plan and lead training to increase awareness and education regarding secure code writing, SSDLC, etc.

Requirements:

  • At least three years of experience in a similar role
  • Software engineering experience (at least three years)
  • Relevant certifications (e.g., CISSP, CSSLP, Security+)
  • Coding experience with at least one of the following: Java, Python, Scala
  • Proven hands-on experience with SecDevOps principles and tools
  • Proven hands-on experience with automatic scanning tools (IAST, SAST, etc.)
  • Familiarity with project management tools and bug tracking platforms (Jira, Confluence, monday.com)
  • Remote-first ready: comfortable with online tools and meetings (Zoom, MS Teams, Slack, etc.)
  • Experience with client management and conversation is an advantage
  • Big data and AI experience is an advantage
  • Public cloud architecture and security experience is a big advantage

$120,000 - $180,000 a year

Who you are working for - About Collective[i]:

Collective[i] is a remote-first company on a mission to fuel global prosperity, helping companies around the world forecast, optimize and grow revenue. Our applications and network support highly productive, enlightened teams with everything they need to work smarter and win more.

We are a global team of committed scientists, developers, sales, finance, client success and marketing professionals who passionately believe that Collective[i]'s network and applications are dramatically transforming enterprises and improving the working lives of the people and companies we support.

We are recruiting for exceptional talent looking to join our team of A-players all committed to building a company that makes a difference. Our core values help shape our culture: We are curious. We are direct. We deliver. We succeed together. We strive for the extraordinary. If you enjoy a challenge, thrive in a fast-paced environment and welcome the opportunity to work with amazing humans operating on the bleeding edge of innovation, Collective[i] is the place for you.

More about Collective[i]:

Collective[i] is passionate about using ML, RPA and other AI technologies along with a network to automate the myriad of tasks that distract sales professionals from selling and provide timely intelligence that helps to grow revenue. Our revenue optimization engine is one of the most transformative technologies to hit the enterprise since CRM. Founded and managed by the early teams behind LinkShare (purchased for $425m) and Overstock (NASDAQ:OSTK), Collective[i] is a private 100% remote company.

Recent press:

Forbes: The Revenue Operating System

ZDNet: Collective[i]: How the FAANG companies inspired a B2B sales solution

Information about the founders:

Tad Martin

Stephen Messer

Heidi Messer