Senior Application Security Architect

Job Description

Senior Application Security Architect (New York)

About ASCAP

The American Society of Composers, Authors and Publishers (ASCAP) is a professional membership organization of songwriters, composers and music publishers of every kind of music. ASCAP's mission is to license and promote the music of its members and foreign affiliates, obtain fair compensation for the public performance of their works and to distribute the royalties that it collects based upon those performances. ASCAP members write the world's best-loved music and ASCAP has pioneered the efficient licensing of that music to hundreds of thousands of enterprises who use it to add value to their business - from bars, restaurants and retail, to radio, TV and cable, to Internet, mobile services and more. The ASCAP license offers an efficient solution for businesses to legally perform ASCAP music while respecting the right of songwriters and composers to be paid fairly. With more than 850,000 members representing more than 16 million copyrighted works, ASCAP is the worldwide leader in performance royalties, service and advocacy for songwriters and composers, and the only American performing rights organization (PRO) owned and governed by its writer and publisher members. Learn more and stay in touch at www.ascap.com, on Twitter and Instagram @ASCAP and on Facebook.

# # #

Are you passionate about working with customers? Are you excited to learn new technologies? Would you rather be coding than whiteboarding? If the answer is yes, then you might make a great fit for our team of talented software engineers who work with our business and product teams on high impact projects using emerging technologies and platforms. ASCAP technologists live our mission, and we are passionate about what we do for our customers, and we practice what we preach. Our technologists serve with humility and a deep respect for their responsibility in helping our business partners and members achieve their goals and realize their dreams. We stand behind our mission and are committed to delivering the impossible.

Bottom line? We outthink ordinary. Discover what you can do with technology at ASCAP!

We are looking for a motivated, detail-oriented individual with strong technical skills. This role's primary focus is on working to secure in-house built and software as a service integrated applications plus working with management on security strategies and product owners/designers/developers/platform engineers/endpoint engineers to design, develop and implement secure systems, networks, and applications. He/she will be the point of escalation for Junior Security Analysts who investigate and respond to security event alerts, manage technical aspects of incident response, work on third party applications/services reviews and the organizations vulnerability management program. This role will also address the creation of a true SDLC program with devsecops for our in-house built applications and work with developers to implement information security best practices ensuring that our code is proactively secured while in the pipeline prior to moving to production.

The person in this role will need to prioritize and ensure the timely completion of tasks from the scrum masters and management. They should also be able to shift and adjust priorities based on changing business needs in our dynamic environment, while also remaining task-oriented to ensure completion of work from start to finish with appropriate solutions.

Responsibilities:
• Work independently with developers, system/network administrators, product owners, design teams and other colleagues to ensure secure design, development, and implementation of applications and networks - defining and promoting a full SDLC program.
• Perform security architecture design reviews of our applications (primarily cloud.)
• Perform code analysis of large applications manually and conduct manual vulnerability analysis.
• Provide remediation guidance and recommendations to developers and administrators.
• Work with development teams to help prioritize and validate urgency of mitigation of identified product vulnerabilities and security feature enhancement requests.
• Define security best practices and standards and ensure development teams understand them and receive pertinent annual secure coding training.
• Researches, evaluates, tests, and assists on implementation of new security solutions around devsecops and the application pipeline.
• Works closely with Jr. Security Analysts and security platform engineers to investigate and resolve security related events.
• Works alongside project management in a SCRUM environment to successfully monitor progress and implement security initiatives.

Qualifications:
• Minimum 5 years of experience at the senior level working in depth with various versions of Mac/MS/Unix/Linux operating system, networking, security devices and securing web based and back-office applications.
• Experience working with development teams to build secure solutions.
• Experience breaking down complex systems and applications to find flaws.
• Proficiency in reading, writing, and auditing Java and the ability to pick up new languages/technologies.
• Experience with secure coding practices and architecting secure applications written in Java.
• The ability to communicate complicated technical issues and the risks they pose to developers, network engineers, system administrators, and management.
• Security certification such as CISSP is preferred.
• Cloud security experience with AWS and Salesforce is a plus.
• Bachelor's degree in Computer Science or Information Security.
• A keen eye for detail, an analytical thinker, and the ability to multitask.
• The ability to thrive in fast-paced, high stress situations.
• A problem solver with the ability to communicate effectively with peers, business partners and management.
• Self-starter, positive attitude, ability to work independently, enjoys learning and staying current with industry developments, regulations, and best practices.
• Experience providing security training to developers.

What We Love About You:
• You love our users. You deeply understand our users and put them at the center of everything you do. You aim to serve and delight them every day.
• You do the right thing. You are respectful and act with the highest integrity. If you see something that isn't right, you say something.
• You debate it. You ask questions to understand a perspective and are comfortable respectfully challenging assumptions. You are not turned off by constructive conflict to get to the right answer.
• You own your outcomes. You set clear ambitious goals. You anticipate obstacles, persevere, and are accountable for your commitments.
• You make fast decisions. You are an effective and timely communicator. You understand how to collaborate, compromise, and escalate when needed.
• You get better every day. You welcome the gift of feedback. You never settle in your quest to grow and develop. By being here, you make our company stronger.

Besides providing a unique and dynamic work environment, there are a few other reasons you should consider ASCAP in your career planning. We offer generous benefit options that are comprehensive and provide the flexibility that most employees want and need. These health care and financial plan options include the following:
• Very generous time-off policy
• Paid time of

[more...]

Jobcode: Reference SBJ-g346ex-3-131-110-169-42 in your application.