Security Solutions Architect | DevSecOps/AppSec (Remote)

About the Role:

Trace3 is seeking an experienced Application Security Professional to join our fast-growing DevSecOps consulting practice, helping customers evaluate and implement application security solutions. This is a presales role where you will serve as the solutions expert, supporting our sales teams in prospecting, influencing, architecting, and scoping application security solutions for our customers. You will assist in developing application security sales and technical training collateral for customers and internal sales teams. Additionally, you will conduct research and market analysis of leading application security platforms, performing lab testing to validate coverage and efficacy. You will also help our sales teams understand clients' business goals and technical requirements to recommend appropriate application security solutions for their use cases. This includes planning and leading the implementation and adoption of application security platforms, reviewing customer software architecture and source code, providing training for developers and management, and driving solution adoption across multiple development teams.

What You’ll Do:

• Lead presales engagements as the DevSecOps Application Security subject matter expert to Trace3 customers and sales teams nationally
• Work closely with our sales teams throughout the sales process to ensure all the client’s technical needs are understood and met with the best possible solution options
• Drive technical relationships with all stakeholders and support sales opportunities
• Present at client facing and industry events as the SME in application security
• Conduct research analysis and lab testing of application security solutions to evaluate efficacy, use cases coverage, and fit-for-purpose
• Build and maintain application security vendor partner relationships
• Contribute to the development of both customer facing and internal facing presales collaterals
• Contribute to the development of service offering collaterals and service delivery documentations that we can take to market with selected application security solutions
• Champion Agile and DevOps leading-practices, processes, design patterns, and tools in support of DevSecOps transformation
• Assist in services opportunity generation, technical scoping, and Statements of Work (SOW) writing
• Assist in the delivery of application security services
• Promote DevSecOps culture to our customers
• Drive adoption of application security tools and DevSecOps practices as part of customer’s transformation

Qualifications & Interests:

• At least 5 years of Development Experience in any programming language
• Minimum of 8 years of combined hands-on experience as a software engineer, DevOps engineer, and/or Application Security engineer
• Previous experience working as a Sales Engineer or Solutions Architect working with application security software products or services
• Ability to assess customer requirements, identify business problems, and demonstrate proposed solutions
• Programming and scripting proficiency – minimum of two: C#, Java, Typescript, Javascript, Bash, Python, Go
• Hands on experience with various application security tools including SAST, SCA, IAST, DAST, API Security, WAF, and RASP
• Hands on experience implementing and integrating security tools into CI/CD
• Hands on experience integrating and operating commercial application security solutions (SAST/SCA/DAST/IAST) such as Veracode, Checkmarx, Synopsys, WhiteSource, Snyk, Invicti – Accunetix or Netsparker, Contrast Security
• Hands on experience delivering secure software based on frameworks such as OWASP SAMM, ASVS, MASVS, CWE, SANS, BSIMM.
• Hands on experience implementing and integrating security tools into CI/CD
• Experience with Agile methodologies such as Scrum and Kanban
• Knowledge of developer tools and environments, project management and bug tracking systems
• Understanding of cloud native development patterns and microservices architecture
• Prior experience working at an application security vendor – bonus points

BONUS QUALIFICATIONS:

• Experience with Mobile Application Security solutions and practices
• Experience with API security solutions such as Traceable, Noname Security, Salt Security
• Understanding of service-oriented architecture (REST APIs, micro-services, etc) and security best practices
• DevOps and Architecture experience and certifications with one of the major public cloud providers (AWS, Azure, Google Cloud)
• Experience with securing containers, kubernetes, and AWS Lambda functions
• Experience conducting secure coding training and implementing security champions program
• Experience conducting threat modeling and application penetration testing
• Prior consulting experience is a plus
• Must have excellent interpersonal skills, a high degree of professionalism and the ability to design technology solutions for commercial and large enterprise companies
• Excellent presentation, communication, and writing skills required

The Perks:

• Comprehensive medical, dental and vision plans for you and your dependents
• 401(k) Retirement Plan with Employer Match, 529 College Savings Plan, Health Savings Account, Life Insurance, and Long-Term Disability
• Competitive Compensation
• Training and development programs
• Stocked kitchen with snacks and beverages
• Collaborative and cool office culture
• Work-life balance and generous paid time off

***To all recruitment agencies: Trace3 does not accept unsolicited agency resumes/CVs. Please do not forward resumes/CVs to our careers email addresses, Trace3 employees or any other company location. Trace3 is not responsible for any fees related to unsolicited resumes/CVs.