SC Works Jobs

Job Information

Xylem Senior Security Architect - Cloud Applications in Rock Hill, South Carolina


  • Provides architectural guidance and leadership on security best practices in cloud-based applications.

  • Develop, implement and maintain product security strategy for application development

  • Provide security direction for software development, user interface design frameworks, high-performance messaging solutions, server-side development, integrations, and tools and technologies

  • Works with the business, operations and systems team to identify the right architecture for implementing new solutions, products and modules

  • Contribute to the development and evolution of the application and infrastructure security reference architecture

  • Risk analysis, risk management, and communication of results with software/hardware development managers

  • Champion the Xylem security SDLC. This includes security testing, penetration testing, and identifying and fixing vulnerabilities in software and applications on all Xylem products

  • Perform vulnerability research, assessment and management; serve as technical security/risk advisor on all new technology developed by Xylem

  • Perform threat modeling, static application security testing, code reviews, and secure design reviews for high-risk applications

  • Determine testing requirements and strategies; automate security testing using a variety of scripting and open source tools

  • Implement or manage the implementation of common application security controls, ensuring that practices meet software certification processes

  • Assist developers in remediating vulnerability findings by providing line-by-line guidance

  • Provide training and education to developers on software security best practices

  • Assist customer operations with secure deployment of Xylem products

  • Expert level operational support for security escalations from customers

Minimum qualifications:

  • BSCS (or equivalent) with 14 years' experience

  • Demonstrated expertise in product/application security architecture – service-oriented architecture (SOA), network security, application security, RESTful web services, Angular, JavaScript

  • Deep technical experience in Identity and Access Management, including OAuth, SSO, LDAP, and RBAC

  • Strong knowledge of security policies, security standards and security best practices such as ISO 27001, NIST, OWASP

  • Strong programming knowledge – Java, C#

  • Strong software development skills – Agile, waterfall

  • Experience in AWS cloud security, especially container-based systems such as Kubernetes and Docker

  • Expertise in vulnerability assessment, security testing and SAST/DAST tools

  • Experience in cryptographic protocols and algorithms

  • Understanding of security automation, DevSecOps processes and CI/CD tools, preferably Jenkins

  • SQL/NoSQL database knowledge – Postgres, MSSQL, Oracle, and MongoDB

  • Ability to present complex security topics to a wide range of internal and external audiences (engineers to executives)

  • Strong project planning and execution skills

  • Self-motivated; ability to work under general supervision; receptive and supportive of team efforts

  • Excellent written & oral communication skills and coordination with peers, end-users, and management