Principal Architect – Application Security

About the Job:
The Principal Architect – Application Security will architect, design, and communicate comprehensive security strategies and solutions to enable and guide the design and development of systems that meet current and future business needs in alignment with corporate IT standards and security architecture principles.

Main Objective of Role
To ensure robust security architecture, develop optimal IT security solutions, and make pivotal decisions regarding architecture and technology that align with customer requirements and corporate IT standards.

Key Responsibilities:

• Develop IT security solutions that are secure, robust, and compliant with corporate IT standards.
• Accountable for end-to-end security architecture.
• Develop security architecture standards, guardrails, and best practices across IT teams.
• Conduct security architecture design reviews to identify gaps and ensure adherence to security patterns.
• Collaborate with development teams to design secure application architectures and implement controls like identity management and encryption.
• Monitor emerging threats and trends, adapting security solutions proactively.
• Review vendor products for security architecture improvements.
• Conduct code analyses using SAST and DAST and manual vulnerability assessments.
• Assist the InfoSec and Enterprise Security team in risk assessments and data loss prevention strategies.
• Develop logical infrastructure solutions in alignment with security standards.
• Manage the security architecture roadmap and prioritize the development of technical enablers.
• Participate in project lifecycles to manage security architecture and promote application security best practices.

Qualifications:

• Bachelor's Degree in Information Technology, Computer Science, or related field.
• Fluent in English.
• Proven experience as a Security Solution Architect or similar role.
• Experience in integrating security testing into the Software Development Life Cycle (SDLC).
• Knowledge of common vulnerabilities and attack vectors.
• Strong communication skills for presenting technical issues to diverse stakeholders.
• Preferred experience in the airline industry and multicultural environments.
• Strong understanding of security technologies and solutions.
• Proficiency in security tools for software development and infrastructure security.
• Knowledge of web service technologies, encryption, and authentication protocols.
• Understanding of secure network and system design in various environments.
• Familiarity with industry standards such as OWASP, GDPR, PCI DSS.

Preferred Certifications:

• CISSP, CCNP Security, CISA, CEH

Competencies:

• Customer Focus
• Teamwork
• Effective Communication
• Personal Accountability & Commitment
• Resilience and Flexibility
• Decision Making
• Strategic Thinking
• Business Acumen

Requirements:

• Compliance with ISR policies and reporting of any incidents to the Information Security team.
• Completion of all required ISR awareness sessions.