Arrow Electronics Principal Security Architect - Applications in Denver, Colorado


Principal Security Architect - Applications

Job Description:


Job Description Summary

Reporting to the Chief Security Officer (CSO) and as a member of the Enterprise Security Services team, the security architect plays an integral role working with other Security Architects in defining and assessing the organization's security strategy, architecture and practices with emphasis on application security. The security architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services.

The security architect will be responsible for the following activities and functions:

• Develop and maintain an application security architecture process enabling the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers.

• Assist in developing security strategy plans and roadmaps based on sound enterprise architecture practices.

• Develop and maintain application security architecture artifacts (models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations.

• Track developments and changes in the digital business and threat environments to ensure that these are adequately addressed in security strategy plans and architecture artifacts.

• Participate in application and infrastructure projects to provide security planning advice.

• Draft security standards, procedures and guidelines to be reviewed and approved by executive management and/or formally authorized by the CSO.

• Conduct security assessments of internal systems and applications as part of the overall risk management practice of the organization.

• Conduct vulnerability assessments and other security reviews of systems and applications, and prioritize remediation based on the risk profile of the asset and guidance from the CSO.

• As needed, provide input and expertise in the review and assessment of security and application logs for indicators of compromise (IOCs) or other anomalous behavior within applications.

• Be familiar with the OWASP Top Ten application security flaws and how to mitigate them, the Security Development Lifecycle (SDL) and other secure coding practices.

• Conduct static and dynamic code reviews of applications to determine security flaws or other issues that would impact the confidentiality, integrity or availability of the system.

• Coordinate with DevOps and other teams to advocate secure coding practices and escalate concerns related to poor coding practices to the CSO or the individual responsible for the overall security direction.

• To ensure security-related matters are adequately conveyed, strong communication skills (written and oral, at all levels of the organization) along with strategic planning, financial analysis, and project management skills are necessary.

• Other duties as assigned.

Job Complexity

• Is recognized as an expert within the organization, both within and beyond own function

• Anticipates internal and/or external business challenges and/or regulatory issues; recommends process, product or service improvements

• Solves unique and complex problems that have a broad impact on the business

• Contributes to the development of functional strategy

• Leads project teams to achieve milestones and objectives

• Progression to this level is typically restricted on the basis of business requirements

• Operates with no supervision in a complex environment

Experience / Education

Must possess direct, documented and verifiable experience with the following applications:

• Oracle ERP Suite of products, Microsoft Azure, Java, Linux, Windows and other applications normally encountered in a global enterprise.

• Development or audit experience with one or more general coding languages (Java, C/C++, Python, JavaScript, PHP)

• Required: Bachelor's or Master's degree in Computer Science, Information Systems, Cybersecurity or a related field, or equivalent and relevant experience (10 to 12 years).

• Certifications such as CISSP, CISM, or similar are a plus.

• Less than 25% travel required.



Time Type:

Full time

Job Category:

Non-Customer Facing/Supplier Facing

Most people live in the present. But a handful of us live in a world that doesn’t exist yet — the world of Five Years Out. Five Years Out is the tangible future. And it’s a way of thinking at Arrow that serves as a springboard for innovators, helping them see what’s coming and stay ahead of what’s ahead.

We are much more than products and services. We’re a community of designers, engineers, builders and visionaries who navigate the path between possibility and practicality, across the complete lifecycle of electronics, in some of the fastest-growing commercial and industrial markets on the planet.

The work we do is everywhere, from things you’ve never seen to things you can’t live without. A Fortune 119 company with more than 18,700 employees in over 90 countries, and 2016 sales of $23.8 billion, we guide innovation forward for the world’s leading technologies used in homes, businesses and daily life. If it takes a charge, chances are we helped design it, build it and get it to market.

Are you Five Years Out? Then chances are, you’ll enjoy working with us.

Arrow is an equal opportunity employer. It does not discriminate based upon race, national origin, religion, gender, sexual orientation, gender identity, age, disability, genetic information, protected veteran status or any other characteristic protected by law. Arrow will make reasonable accommodations that enable qualified individuals to perform the essential functions of their jobs so long as the accommodation does not create an undue hardship.