Application Security Architect - Mulesoft - Efficus Inc.

Key Responsibilities:

• Conduct comprehensive architecture reviews of new software applications to identify security risks, propose mitigation strategies, and ensure alignment with security best practices.
• Perform Security Risk and Assessments (SRA) for critical applications, identifying potential vulnerabilities and recommending enhancements to strengthen security posture.
• Develop and maintain security policies and procedures related to application development and deployment.
• Secure container orchestration platforms such as OpenShift, and manage container runtime environments using Podman and Docker.
• Implement and manage API security solutions, with a preference for experience with MuleSoft and Traceable.
• Oversee the integration and management of open source security using NexusIQ or similar tools to identify and remediate vulnerabilities.
• Install, configure, and maintain Runtime Application Self-Protection (RASP) solutions, specifically Contrast Protect, to provide real-time application security.
• Collaborate with development teams to incorporate security considerations during the software development lifecycle (SDLC).
• Provide security guidance and training to development and operations teams to raise awareness and improve security practices.
• Stay current with emerging security threats, technologies, and regulations to ensure our applications and infrastructure remain secure.

Qualifications:

• Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.
• Minimum of 5 years of experience in an application security role, with hands-on experience in security architecture and risk assessments.
• Proven expertise in securing container environments and managing container security.
• Experience with API management and security, especially with MuleSoft and Traceable.
• Proficiency in managing open source security and using tools such as NexusIQ.
• Experience with implementing RASP solutions, preferably Contrast Protect.
• Strong understanding of secure coding practices, ethical hacking, and threat modeling.
• Familiarity with industry standards and frameworks such as OWASP, NIST, and ISO 27001.
• Relevant security certifications (CISSP, CEH, OSCP, etc.) are highly desirable.
• Excellent communication, analytical, and problem-solving skills.

Work Environment:

• Fast-paced and dynamic environment requiring adaptability and continuous learning.
• Collaboration with cross-functional teams and stakeholders.