Ref: 11166


09/02/12
Salary: Competitive Package
Location:

Principal Security Architect

Description:

Location & Commerce is set to become a core element of our Client's DNA and will spearhead their revised mission in mobile and location-based services. It will drive delivery of differentiated social location offerings for the wider ecosystem, targeting consumers, business customers and advertisers alike.

The focus areas for the Location & Commerce business are built around the core offerings:

  • Location Content, delivering high-value data across platforms and industries.
  • Applications, delivering an integrated suite of apps, across all operating systems
  • Location Platform, delivering the Map Platform and APIs, search and places
  • Local Commerce, creating a high-value advertising network, providing local commerce services for brands and merchants and to accelerate revenue and profit.

Join our Client's fast-growing international team in this highly visible leadership role, in which you will become part of the Location and Commerce Security, Privacy and Continuity team. You will work with teams in Location and Commerce and other relevant units across the company to implement services that comply with security and privacy policies and applicable legislation, while working in continuous delivery mode.

The Principal Security Architect will primarily contribute to the development, implementation and maintenance of the application security program across R&D in Location and Commerce and other relevant units, with a focus on client-side applications running in browsers and/or on mobile devices. This is a hands-on position that requires someone with a great deal of application development and coding experience, together with an understanding of application security and secure coding principles. This position will design secure products and architectures together with the R&D teams, perform architecture and secure code reviews, perform penetration testing, define secure coding standards, and contribute strongly to application security awareness programs. This role will work closely with engineering and product teams to design and implement security-related systems and functionality, including writing secure code as necessary and verifying services' launch readiness. This position requires constant monitoring and awareness of key developments in the area of web application security, and evaluation of their impact on services in production and under development. The candidate is expected to be able to work in virtual teams, identify needed or missing capabilities, and contribute to application security competence development by creating and maintaining a security community in Location and Commerce and other services R&D.

Key tasks:

  • Evangelize security principles through engineering and drive adoption of best practices
  • Participate in web client and mobile device applications' design and architectural reviews actively leading the discussions from a security standpoint
  • Design and implement security-related systems and functionality together with relevant R&D teams
  • Consult R&D projects on security considerations, best practices, and patterns
  • Assist in planning and executing security testing for the company's services
  • Assist in and conduct internal vulnerability assessments, pen testing, code reviews, and security audits
  • Develop and lead training programs that will be used to train developers on secure code development practices
  • Drive discovery and interpretation of security requirements
  • Create all the necessary documentation that codifies the application security program: this will include the development of secure coding policies, procedures and standards, modification of the SDLC to include the necessary security checkpoints, code review methodologies etc.
  • Participate as a subject matter expert in incident response when required

Qualifications

Expertise/skills required:

  • BSc or higher degree in Computing Science or equivalent
  • Relevant work experience in application development 5+ years
  • Strong Web client and mobile device programming background, including experience in Windows Phone and Silverlight programming and/or experience working with Java on mobile devices, or Qt/QML and C++ on mobile devices
  • Knowledge of web technologies and standards: HTML, JavaScript, SQL, JSON, XML, XHTML, SSL/TLS, REST, SOAP, SAML, OAuth, OpenID
  • Ability to read code (for example Java, C++, Ruby, Perl, Python, SQL) and to write programs to produce tools, test or demonstrate ideas
  • Experience in secure application programming, coding life cycles and designs, especially when applied in agile environments targeting daily production updates
  • Knowledge of software and network architecture and standards
  • Ability to understand business drivers and priorities, and integrate these requirements into overall security design
  • Understanding of security principles, best practices architectures, tools and processes
  • Ability to communicate security objectives orally and in writing to a variety of audiences
  • Self-motivation with the ability to work independently and as a team member with minimal direction
  • Direction team skills, ability to work with different people

Expertise/skills preferred:

  • Relevant work experience in application security 5+ years
  • Understanding of the TCP/IP protocol family, RTP/RTSP, XMPP, SIP, PKI, IPsec, VPN
  • Expertise in manual and/or automated secure code reviews
  • Expertise in vulnerability assessments and in leading the resolution of any security findings
  • Ability to understand detailed technical procedures, projects, SDLC and Web Development Architecture, Ethical Hacking Process etc.
  • Familiarity with reverse engineering techniques and tools
  • Protocol inspection 

Location: Germany