Security Architect - Threat Modeling
Happy employees. Great work. No coincidence.
Learn about opportunities to join the team, share your talents and make a difference!
We help organizations turn large amounts of data into knowledge they can use, and we do it better than anyone. It’s no wonder an overwhelming majority of our customers continue to use SAS every year. It’s because we hire the best people to create great software and services.
As a threat modeling expert in SAS's software R&D division, you will be a key contributor to efforts across R&D to implement secure software, verify its integrity, and manage the overall maturation of the software security program. Successful candidates must solve complex technical problems, work closely with engineering teams, and communicate clearly and effectively to technical audiences. This position requires a diverse set of skills including software development, technical guidance, training and support. As a member of the SAS Technology Office, your success will depend on your cooperative skills in working with the R&D software security team, R&D engineering teams, and others across the enterprise.
For this role, you will have the opportunity to…
- Maintain and continually improve the SAS Threat Modeling Process
- Integrate security design reviews into the SDLC of R&D applications
- Consult with R&D architects and engineering leads to evaluate product architecture and develop threat models
- Build attack patterns and abuse cases to prepare for security testing and architecture analysis
- Assist with tuning of static and dynamic scanning tools to ensure scan policies cover all security requirements and test cases
- Work with penetration testers on security testing strategy based on input from threat models
- Provide guidance to development teams on security design, threat modeling, and resolution of security vulnerabilities
- Consult with R&D teams to ensure that security benchmarks, guidelines, and processes are readily adopted and implemented
- Communicate regularly with development teams and product management on security initiatives
- Participate in the Product Security Incident Response process
- Participate in product lifecycle reviews in order to assess risk and document security-related decisions
- Ensure compliance with regulatory and industry standards appropriate for software products
- Foster a culture of security consciousness across the R&D organization
- Assess current practices and work with the security team to implement relevant changes to ensure the maturation of the R&D software security program
Do you qualify? You must have…
- Expert skill in using threat modeling tools (e.g., MS Threat Modeling Tool, OWASP Threat Dragon)
- Bachelor's degree in computer science or related quantitative field
- Five years of experience in application security
- Knowledge of security architecture concepts, including topology, protocols, components, and principles
- In-depth knowledge of system and application vulnerabilities
- Knowledge of what constitutes an attack and the relationship to threats, risks and vulnerabilities
- Excellent communication skills
- Ability to present to and manage working groups
- Ability to keep abreast of the latest threats, attack techniques, and mitigation strategies
- Experience with one or more major software development environments in use at SAS: C, Java, web applications
- Skill in conducting security design reviews and recognizing vulnerabilities in applications
- Knowledge of penetration testing principles, tools, and techniques
- Experience with web-based and cloud-native architectures
- Experience with security architecture and design in large software systems
- Experience with security testing and validation tools
- Strong knowledge of industry standards for application security
- Track record of building collaborative relationships across many groups
- Ability to analyze complex data and produce easily understandable content
Preferences for this role include…
- Security-related certifications such as CSSLP, CISSP, or other relevant certifications
- Experience with BSIMM
SAS looks not only for the right skills, but also for a cultural fit. We seek colleagues who will contribute to the unique culture that makes SAS such a great place to work. We look for the total candidate: technical skills, culture fit, relationship skills, problem solvers, good communicators and, of course, innovators. Candidates must be ready to make an impact.
- To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status.
- SAS is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.
- The level of this position will be determined based on the applicant's education, skills and experience.
- Resumes may be considered in the order they are received.
- SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.
Company Type: Privately Held
Company Size: 10,001+