Sr Application Security Architect jobs in United States

SAS · 1 day ago

Sr Application Security Architect

SAS is a leader in data and AI, committed to transforming data into intelligence. The Senior Application Security Architect will play a critical role in enhancing the security of SAS's software solutions by collaborating with various teams to address security challenges throughout the Software Development Lifecycle.

Analytics, Data Governance, Data Management, Enterprise Software, Predictive Analytics, Software
Culture & Values
No H1B · U.S. Citizen Only

Responsibilities

Collaborate across R&D and cloud hosting teams to strategically improve the security posture of business-critical multi-tier solutions in legacy, hybrid cloud, and public cloud environments. Includes tactical refactoring, environment promotion, and Secure by Default deployment and configuration to maintain security consistency if not parity between all environments
Collaborate in the planning of evolutionary paths for secure architectures and systems incorporating and aligning dependent third-party architectures as well as the adoption of new technologies while maintaining a robust and consistent security posture. Includes employing specific security compensating controls, defense in depth, and security posture aspects in support of Secure by Design, Secure by Default (deployment and configuration), and Zero Trust Architectural principles
Work with development teams providing security assessment and hardening of products spanning the SDLC and development pipelines left/early-shifted wherever possible. Includes performing periodic secure design, threat modeling, code reviews, or direct verification to identify and triage issues assessing the security risk and recommending remediation steps for vulnerabilities and weaknesses
Collaborate with Product Management stakeholders to ensure security implementations are consistent with business objectives, customer requirements, and applicable global regulations
Identify, train, and partner with Security Champions in place with product R&D teams. Help champions assess and gauge risk to identify security gaps or seams in the products and integrated solutions
Create and maintain secure engineering documentation, guidance, or training collateral supporting PSO standards, policies, and procedures
Collaborate with other teams within security to identify new tools and processes to integrate into the Secure SDLC. Recommend and promote software security policies, standards, and procedures that can improve the global SAS security posture. Mentor and coach within the Product Security Office and other Security Architects aligned with your security breadth and building depth via subject matter expertise

Qualification

Secure software development, Secure system architecture, Security certifications, Programming languages, Enterprise web application security, Cloud security, SAST tools, DAST tools, DevSecOps, Soft skills

Required

8+ years of secure software development, secure system architecture and design, or related experience
4+ years of demonstrable experience in developing or adopting software security best practices
Bachelor's degree with major study in Computer Science, Electrical Engineering, or related. Possess relevant security certifications such as from SANS, GIAC, or ISACA CEH, for CCSP, CSSLP, CISM, or CISSP
An equivalent combination of related education, training, or experience may be considered in place of any of the above qualifications
Knowledge of current Global Enterprise security risks and attacker TTPs as published by MITRE
Experience with programming languages such as C/C++, Java, Python, JavaScript, PHP, Golang, etc. allowing you to review code or logic and be confident in giving prescriptive guidance to R&D and hosting/ops in security patterns and best practices
Expertise in securing enterprise web applications and familiarity with OWASP Top 10, CVSS, CWE and SANS-25
Experience with security best practices for modern R&D such as micro-services and containers, Agentic AI, hyper-scale cloud hosting and operations, etc
You're curious, passionate, authentic and accountable. These are our values and influence everything we do

Preferred

Experience with cloud hosting and operational security for public clouds (Azure, AWS, or GCP) and hybrids such as the domains and requirements in the Microsoft Cloud Security Benchmark (MCSB)
Experience with SAST tools, such as: Snyk, Black Duck, Sonar, etc
Experience with DAST/IAST tools, such as: ZAP, Burp Suite, Kali, Nessus, etc
Knowledge of and experience with auditing, implementing, and supporting Dev(Sec)Ops

Benefits

Comprehensive medical, prescription, dental and vision plans.
Medical plan options include... PPO with low annual deductible and copays.
HDHP combined with a health savings account with a contribution from SAS (no access to on-site health care center).
Onsite Health Care Center (HQ) that’s free to employees and family members enrolled in the PPO plan. There's a pharmacy too! Not local to HQ? The pharmacy will ship prescriptions for no additional charge!
An industry-leading 401k plan.
Generous time away including vacation time, a variety of paid holidays, and our much-loved U.S. Winter Wellness Break between December 25 and January 1.
Volunteer Time Off, parental leave and unlimited paid sick days.
Generous childcare benefits for all full-time employees.

Company

SAS provides advanced business analytics and business intelligence software and services to enable companies to optimize their operations.

Funding

Current Stage: Late Stage
Total Funding: $1M
Key Investors: Collaboratory, European Commission
2022-11-08: Grant · $1M
2020-11-10: Grant

Leadership Team

Deepak Ramanathan
Vice President
Jason Mann
Vice President, Internet of Things (IoT)
Company data provided by crunchbase