U.S. Bank Software Security Architect in Owensboro, Kentucky

U.S. Bank is seeking an experienced Software Security Architect with demonstrated competence and thought leadership capability to contribute toward the success of our technology initiatives. The Software Security Architect will work as a software security advisor to multiple software development teams, work with other security leads to create secure software development guidelines, demonstrate defensive software development techniques to software developers, and continuously provide guidance and suggestions to improve software security testing (SAST, DAST, etc.) and remediation.

The ideal candidate will have a strong software development background, experience with all SSDLC activities (from design to deployment), and an understanding of software security vulnerabilities and defensive programming techniques.

Responsibilities :

• Review applications’ architecture and documentation to validate their security posture

• Perform software threat modeling exercises and architecture risk analysis for software products

• Review and/or proactively propose remediation for security vulnerabilities and work with product teams to ensure proper implementations

• Work closely with Corporate Security and Cloud Operations to drive the software security certification process for the organization

• Provide security guidelines for the organization to protect critical assets and data

• Be in charge of one or more of US Bank security assurance programs, and be responsible for reviewing security assurance status of product releases

• Be responsible for the evaluation of new technologies, tools, and/or development techniques that impact security

• Review, analyze, and evaluate both internally developed software and external vendor products and procedures to address security requirements

• Maintain development security standards, policies, and procedures

• Work with teams to perform on-going security code and testing review to improve their security posture

• Help to define and develop consistent automated metrics covering all aspects of the security programs


Required Qualifications:

• 5 years combined work experience as a software developer or application security professional working with/within development teams

• Experience performing product security reviews, threat modeling, and architecture risk analysis

• In-depth understanding of common application vulnerabilities, attack vectors and exploits, and techniques to remediate those vulnerabilities

• Detailed technical knowledge of techniques, standards and state-of-the art capabilities for authentication and authorization, applied cryptography, data and communication protection, etc. (such as OAuth2, OpenConnect, WS-Security, SAML)

• Exposure to and knowledge of complete SDLC in Enterprise Cloud Software environments

• Solid knowledge of Web-related technologies

• BS in Computer Science or similar technical field

Preferred Qualifications (not necessary):

• Application Security Certificate, such as CSSLP, GSEC, OSCP

• Experience with various security tools and products (Fortify, WebInspect, Burp Suite) for static and dynamic analysis

• Experience with mobile and Cloud technologies and development

• Writing and Presentation skills

Job: Information Technology

Primary Location: United States

Shift: 1st - Daytime

Average Hours Per Week: 40

Requisition ID: 180010590

U.S. Bank is an Equal Opportunity Employer committed to creating a diverse workforce.

U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors.