Title: Information Security Architect (Secure Coding)
Are you a master of digital defense? Our dynamic team is on the hunt for an Information Security Architect who can design top-notch solutions to protect our cloud and Internet Business unit’s digital assets.
We are on a mission to safeguard digital frontiers.
As our Information Security Architect, you will:
• Provide security recommendations for architecture and technology, and reports on all matters relevant to application security.
• Ensure that every step of the software development lifecycle (SDLC) follows security best practices.
• Work with the various teams to develop and implement security standards and training.
• Be responsible for testing and reviewing code to validate secure coding principles and aid in testing the application against security risks/parameters before release
• Develop and implement comprehensive global security architectures encompassing hybrid cloud, encryption, network security, VPN technologies, operating systems, single sign-on (SSO), zero trust architecture, role-based access control and other advanced security measures.
• Design and implement stringent access control policies aligning with the least privilege security model.
• Leverage Enterprise Architecture principles to design secure and scalable systems.
• Use data analytics to create measurable security metrics and reports.
• Evaluate systems, workflows, methodologies, source code, and configurations against appropriate information security standards and provide reports to document
• Assist with developing, deploying, and maintaining information security related tools and systems in support of information security operations
• Maintain strict confidentiality of all sensitive or confidential information
• Train both technical and non-technical audiences on security practices and standards
• Perform penetration test planning, analysis, remediation recommendations, and dashboarding
• Use expertise with web application vulnerability scanners (Acunetix/HP WebInspect/IBM AppScan, etc.) and with source code analysis tools (Fortify/Checkmarx/Veracode/Klocwork)
• Provide remediation guidance to identified vulnerabilities.
• Provide security testing (Black, white, and grey box)
• Mature and help implement Threat Modelling capability with SDLC and Application development efforts.
• Use good business judgment and consistent communication skills to keep stakeholders informed
• Maintain a positive attitude, good teamwork, professionalism and interpersonal skills, proactively seeking solutions, taking initiative, and escalating, where necessary
Key Skills and Experience:
• Understanding of OWASP Top 10 and SANS Top 25 and able to map the vulnerabilities identified against the standards
• Experience in web application penetration testing and web services (API) penetration testing, mobile application security testing
• Web Application Security Assessment - In-depth knowledge of web application attacks and defense strategies (SQL injection, cross-site scripting (XSS), CSRF, logic flaws, etc.)
• Experienced in vulnerability assessments using automated scanners such as Nessus/Qualys and manual security testing with Kali Linux/Metasploit and other infrastructure security testing tools
• Familiarity with web application vulnerability scanners (Acunetix/HP WebInspect/IBM AppScan, etc.) and with source code analysis tools (Fortify/Checkmarx/Veracode/Klocwork)
• Good understanding of web application architecture and Secure development life cycle (SDLC).
• Strong understanding of enterprise security architecture, zero trust and RBAC
• Good understanding of network security standards and protocols.
• Awareness of emerging technologies such as artificial intelligence, machine learning, etc.
• Minimum of 6 years of hands-on experience in Application Security making use of security standards, languages, tools, and applications listed
• 5+ years in Application Security (OWASP) experience required. For internal candidates, experience can be a combination of internal and external experience.
• General knowledge of OS-level scripting languages (bash, ksh, PowerShell, Python, etc.) a plus
• General knowledge of Active Directory (AD), Intrusion Detection and Cloud Technology (Azure)
Ready to safeguard our digital world? Apply now and make a difference!
Information Technology is a strategy for our organization. We have top notch technologies, diverse teams and an environment full of fun, opportunities and growth. We align, contribute, innovate and enable all the areas within our business.
Mouser Electronics, part of the Berkshire Hathaway family of companies, was founded in 1964. We are a Top 10 Global Distributor of semiconductors and electronic components. Join our growing global team of 3,300+ employees and be part of the success story! Our full-time jobs come with competitive salaries and comprehensive benefits like an on-site fitness center and medical clinic at our HQ, located in the booming D/FW region of Texas.
This is a summary of the primary accountabilities and requirements for this position. The company reserves the right to modify or amend accountabilities and requirements at any time at its sole discretion based on business needs. Any part of this job description is subject to possible modification to reasonably accommodate individuals with disabilities.
Category: IT/IS
Equal Opportunity Employer, including disability and veterans.
Mouser Electronics endeavors to make its Career page accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact Human Resources at (817) 804-3850 or hr@mouser.com. This contact information is for accommodation requests only and cannot be used to apply for positions or to inquire about the status of applications.
Mouser is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. For our EEO Policy Statement, please click HERE. If you would like more information on your EEO rights under the law, please click HERE.
Some positions posted may require use of information or access to hardware which is subject to the International Traffic In Arms Regulations (ITAR). Any applicant to these openings must be a U.S. person within the meaning of ITAR. ITAR defines a U.S. person as a U.S. Citizen, U.S. Permanent Resident (i.e. Green Card Holder), Political Asylee or Refugee.