This is not your typical Security Architecture role. Application Security Architects at Staples have a deep knowledge of application software development, including automated build and delivery techniques. They focus on the highest-profile mission-critical applications and engage across multiple product teams to provide security guidance throughout the requirements, design, and implementation phases of the development lifecycle. The role is a focal point of expertise in web application defense.

RESPONSIBILITIES SPECIFIC TO ROLE:

• Forge close partnerships with product teams to understand and mitigate application security risk and threats in critical software components
• Work with security industry experts designing application security assessments for internal applications involving static test automation and manual architecture, code, and Secure Development Lifecyle process review
• Assist in defining the set of required application security controls, associated standards, and training material for internally developed IT applications
• Lead product team implementations of application security controls and provide training and direction for team security champions
• Provide communication to leadership and product teams on the threat landscape, application security controls, and secure coding practices
• Specify application security testing requirements to be included within applicable testing frameworks

KNOWLEDGE/SKILL REQUIREMENT:

• Bachelor’s Degree or related equivalent work experience
• BS degree or equivalent experience required
• Minimum 10 years of experience in Information Technology related fields
• 2+ years of experience in Security
• Strong development and architecture background
• Experience developing web/mobile applications using common web technologies (Java, Javascript)
• Expert in application security and secure coding practices
• Experience working with Agile development methodologies
• Ability to execute analytical problem decomposition and solution design
• Strong written and oral communication skills
• Ability to influence and educate application development teams, product management, and leadership

• Familiarity with PCI, PII and other GRC concerns
• Industry training in web application defense, enterprise defense, and/or penetration testing
• Certification in the above a plus
• Experience with industry standard SAST/DAST security scanning tools such as IBM AppScan, Checkmarx, Veracode, Fortify, Rapid 7
• Experience with development frameworks and technologies such as Angular, node.js, C#, .net, Azure, Android and iOS development
• Demonstrated experience in assessing solution risk via design and code review
• Experience in deploying web application components in public cloud environments
• Familiarity with cloud technology, containers, and micro-service architecture
• OWASP membership and participation a plus