Application Security Architect - Hybrid jobs in United States

Crown Equipment Corporation · 8 hours ago

Application Security Architect - Hybrid

Crown Equipment Corporation is a leading innovator in world-class forklift and material handling equipment and technology. They are seeking an Application Security Architect to define security architecture standards, review design documents, and collaborate with various teams to ensure secure development practices.

Industrial
No H1B
U.S. Citizen Only
Hiring Manager
Michelle McClain

Responsibilities

Define security architecture standards and blueprints for web, mobile, cloud, and Application Programming Interface (API)-based applications
Review design documents and perform architecture risk assessments for new and existing applications
Collaborate with DevOps, Engineering, and Infrastructure teams to ensure architectures align with secure design principles
Integrate automated security testing/scanning tools (Static Application Security Testing (SAST), Software Composition Analysis (SCA)) into Continuous Integration (CI) or Continuous Delivery (CD) pipelines
Define and enforce secure coding standards and practices across development teams
Provide training and guidance to developers on secure development principles and vulnerability prevention
Conduct threat modeling and attack surface reviews for high-risk or critical applications
Identify potential security flaws and recommend mitigations early in the development process
Track and communicate technical risk to product managers, developers, and leadership teams
Develop and maintain application security policies, baselines, and architecture frameworks
Ensure application security practices align with regulations including General Data Protection Regulation (GDPR) and Payment Card Industry Data Security Standard (PCI-DSS)
Support audit and compliance initiatives by providing documentation and evidence of secure development practices

Qualification

Application Security Architecture
Secure Software Development Life Cycle
Threat Modeling
Open Web Application Security Project (OWASP)
DevSecOps Tools
Identity and Access Management
Cloud Security AWS
Cloud Security Azure
Certified Information Systems Security Professional (CISSP)
Container Security Docker
Container Security Kubernetes
Authentication Protocols OAuth
Authentication Protocols SAML

Required

Bachelor's degree in Information Technology, Cyber Security, Computer Science, or related field is required, along with 2-4 years related experience
Non-degree considered if 12+ years of related experience along with a high school diploma or GED

Preferred

5+ years in cybersecurity with at least 3 years in application security or secure software development experience
Secure Software Development Life Cycle (SDLC) in development. Deep knowledge of Open Web Application Security Project (OWASP) Top 10, National Institute of Standards and Technology (NIST), and secure coding frameworks
Experience with Securing Secrets and Service Accounts desired
Experience with Web Application Firewall (WAF) implementation/support preferred
Familiarity with Identity and Access Management and cloud security practices (AWS, Azure)
Certified Information Systems Security Professional (CISSP), or similar certification (Certified Secure Software Lifecycle Professional, Certified Ethical Hacker (CEH) certified)
Familiarity with container security (Docker, Kubernetes)
Understanding of authentication protocols (Open Authorization (OAuth) and Security Assertion Markup Language (SAML))
Experience with DevSecOps tools and container security tools desired

Benefits

Health/Dental/Vision/Prescription Drug Plan
Flexible Benefits Plan
401K Retirement Savings Plan
Life and Disability Benefits
Paid Parental Leave
Paid Holidays
Paid Vacation
Tuition Reimbursement

Company

Crown Equipment Corporation

Crown is one of the world’s largest material handling companies.

Funding

Current Stage
Late Stage

Leadership Team

Sara Corona
Vice President and Chief Compliance Officer
Company data provided by crunchbase