Principal Software Architect
The Principal Software Architect will be an experienced professional with expertise in securing applications (cloud, mobile, computers), web applications (such as plugins), e-commerce applications, application source code and third-party tools that are used to build applications, including the ability to identify, remediate, and correct security issues in the applications within the organization. The ideal candidate will have experience working within AWS and Azure and fully understand the principles of securing applications deployed within those environments.
Essential Duties (Primary Responsibilities) include the following.
- Develop and implement a security strategy and architecture that is high performance, reliable, scalable, low cost, omnipresent and transparent with frictionless experience for developers and users.
- Contribute to the overall framework of security, risk and compliance at enterprise level partnering with other related functions.
- Assess the technology and application landscape of the enterprise, working with different teams, from a security perspective
- Create and implement a comprehensive and robust security perimeter around all the applications and tools of the organization
- Develop in-depth security architecture, design and coding standards to drive a standardized set of security requirements that align with internal policies and meet external compliance/regulatory requirements
- Develop criteria to assess and validate security risks (e.g., DLP, IDS, NERC CIP) and relevant security architectures.
- Define, implement and govern security strategy for the software development lifecycle (SDLC) and product security maturity model.
- Adopt a shift-left approach to security to ensure that applications are secure by design
- Develop, implement and govern application security policies, procedures and standards
- Integrate security practices and tools with DevOps process and CI/CD pipes, working closely with the process and tooling teams.
- Define and implement vulnerability management practices
- Evaluate and implement security testing tools and methodologies including Static Application Security Testing (SAST) tools, Dynamic Application Security Testing (DAST) tools, and Interactive Application Security Testing (IAST) tools in collaboration with other engineering teams.
- Define, implement, govern and publish Application Security Controls and Metrics spanning across SDLC and product development. Create and publish metrics dashboards (BSIMM)
- Perform threat modeling, conduct reviews of security architecture and platform/service designs, and audit source code.
- Secure cloud-based applications and services, specifically within AWS and Azure, and the integration of cloud applications with on-premises resources
- Provide product security related coaching and mentoring to elevate security expertise of development teams.
- Identify functional and technical cybersecurity requirements, integration needs and prepare cost estimates.
- Integrate technical, managerial, and financial considerations when sponsoring solutions
- Continuously review and enhance existing and future application security solutions.
- Ensure risks are identified and addressed for new developments, integrations and deployments
- Articulate application security solutions to business partners, development teams, and clients in a comprehensible manner.
- Research information security standards, conduct system security and vulnerability analyses and risk assessments, and study architecture/platform evolution
- Drive open innovation in product security best practices through industry collaboration
- Take initiative, manage own objectives through tasks from inception to completion
- Other duties as assigned.
What someone will need to be successful in this role
- Adhere to Berkadia’s policies and exhibit proficiency and understanding of Berkadia’s Values and position-specific skills.
- Bachelor’s degree in Information Security, Computer Science, or related field.
- Minimum 8 years of development background in Java, .NET or other modern higher-level language. Strong knowledge of multiple technologies, platforms, and programming languages.
- Minimum of 5 years of application security experience including experience with OWASP and NIST security standards and frameworks, BSIMM as well as SOX and SOC2 requirements.
- CISSP / CSSLP / CISA / CISM / ISSAP / ISSE / Security+ or other security certifications are a plus
- Complete understanding of application security engineering principles
- Knowledge of common application security challenges and their remediations
- Knowledge of and experience with threat modeling and risk assessments
- Solid understanding of security protocols, cryptography, authentication, authorization
- Experience working in an Agile and DevOps environment including security aspects of CI/CD
- Experience with distributed system design
- Ability to perform architectural, design, and code reviews with a focus on security best practices.
- Exceptional communication skills with diverse audiences, including facilitation, negotiation and presentation skills
- Ability to create detailed written documentation
- Strong critical thinking, analytical skills and attention to detail
- Highly self-motivated and directed
- Travel up to 20% (both domestic and international)
- 18 PTO days + 2 floating holidays & 10 paid holidays per year
- Generous tuition reimbursement towards a Master's or Bachelor's degree
- 401K match up to 6%
- 12 weeks of 100% paid paternity/maternity leave
- Mentorship with industry professionals
Berkadia, a joint venture of Berkshire Hathaway and Jefferies Financial Group, is a leader in the commercial real estate industry, offering a robust suite of services to our multifamily and commercial property clients. Powered by deep relationships and industry-changing technology, our people sell, finance, and service commercial real estate, providing support for the entire life cycle of our clients’ assets. Our unique ownership structure allows us to put the client’s interests first and creates a marketplace that delivers a superior experience.
Applicants who require accommodations to participate in the interview process should contact the Talent Acquisition Team to arrange for such accommodations by emailing: Talent.Acquisition@Berkadia.com
Berkadia does not share salary ranges in its job postings. Any salary-related information you see posted externally has not been provided or verified by Berkadia and may not be accurate.
Berkadia is an equal opportunity employer and affords equal opportunity to all applicants and employees for all positions without regard to race, color, religion, gender, national origin, age, disability, veteran status or any other status protected under local, state or federal laws.