Application Security Architect

**Job Description Summary**:
TD SYNNEX Corporation, a $60B global distributor is dedicated to protect the enterprise and our supply chain partners from cyber security risks. That's especially true today as new risks and complexities brought on by regulatory mandates, rapidly evolving technologies, and the digitalization of business operations are disrupting traditional business models.

Reporting to the CISO organization, the Application Security Architect will be focused on guiding the entire SDLC lifecycle with security by design, continuous security assessments throughout the SDLC lifecycle and raising the effectiveness of the development organizations so that TD SYNNEX can develop the next-generation of managed services and advanced technology products to grow market-share and increase revenue whilst monitoring, managing, and measuring operational environment risk. In addition, this architectural role will drive the strategy, execution and support of the next generation customer Identity and Access Management platform for our eBusiness and Orchestration platforms.

The Application Security Architect will partner with numerous development organizations throughout the company to be secure, vigilant, and resilient in the face of an ever-increasing array of cyber threats and vulnerabilities. Our Application Security team will help the organization with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner. Our services will help the organization to address, in a timely manner, pervasive issues, such as identity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise.

It is vital that the innovation teams and the Application Security teams collaborate and partner to drive successful outcomes. Whilst the development organization is responsible for deploying solutions that are secure by design and secure by applicable standards, the Application Security Team is driven to ensure our organization is successful in bringing to market new capabilities in accordance to our high standards for security.

Work you will do:
As an Application Security Architect, you are responsible for defining and developing operational maturity of the Secure SDLC Program which includes the following responsibilities.

**Duties and Responsibilities**:

- Is responsible for being the thought leader for a dedicated and globally diverse team located in North America, South America, Europe and Asia.
- Is responsible for cultivating and grooming of a network of Security Champions in each development and innovation team.
- Collaborates and works closely with other teams such as, but not limited to, IT Innovation Leaders, IT Development Managers, DevOps Leaders, Product Managers, Project Managers, Internal Audit, Cloud Security, Penetration Testers (Red Team) and the Cyber Defense Center.
- Contribute to the maturing the organizational efficiency of the entire SDLC and DevSecOps services.
- Drives operational maturity to be compliant with security standards and regulations such as NIST, PCI-DSS, ISO etc.
- Facilitate use of technology-based tools or methodologies to continuously improve the monitoring, management and reliability of the service
- Involved in triaging and defect tracking process with the development team and helping the team to fix issues at the code level based on the priority of the tickets
- Share risk and areas for improvement with the CISO, IT leadership and project sponsors
- Investigative and analytical problem-solving skills
- Possession of excellent oral and written communication skill
- Self driven and ability to work autonomously
- Understand security architecture concepts including topology, protocols, components, and principles to perform threat modeling

**Required**:

- Charisma and personality to engage with development teams to build rapport and partnership
- Knowledgeable in deployment and security management phases
- Knowledge and experience of OWASP Top 10, SANS Secure Programming, Security Engineering Principles
- Experience in performing code review of dot Net, Java and Swift and C/C++ code
- Experience in running, installing and managing SAST, DAST and IAST solutions, such as Checkmarx, Fortify and Contrast in large enterprise
- Understanding of leading vulnerability scoring standards, such as CVSS, and ability to translate vulnerability severity as security risk
- Experience on at least one CI/CD tool set and building pipelines using Team city, Bamboo, Jenkins, Chef, Puppet, selenium, AWS or AZURE DevOps
- Experience on container technology such as Kubernetes, Dockers, AKS,
- Knowledge of cloud environments and deployment solutions such as server less computing
- Experience in writing custom exploitation scripts and utilities
- Knowledge of one or mor