Come be a part of our mission and make a meaningful and positive impact with the industry-leading provider of language services for the Deaf and hard-of-hearing!
Benefits
- Paid Vacation Time and Paid Sick Time and Paid Holidays
- 401k 6% match with immediate vesting
- Nationwide Medical Insurance plans and coverage (Medical, Dental/Orthodontia, Vision)
- TeleDoc
- HSA company match
- 3 Medical plan options including a Low Deductible PPO Medical Plan Offering
- Employee Assistance Program
- Engaged Employee Resource Groups
- Outstanding Learning and Career Development Opportunities
Pay Range: Actual pay may vary up or down depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for incentive compensation.
Job Summary
Sorenson is looking for an Application Security Architect to manage the security, testing, and validation of Sorenson products and systems within the Security Architecture Team. The primary function of this role is to manage the web application security management program, promote industry-accepted practices to secure cloud infrastructure, and participate in the Cyber-Threat Hunting Program. As a member of the overall Information Security Program, this individual will also contribute to the Governance, Risk and Compliance Program as part of the organization’s overarching security and regulatory requirements (e.g., HIPAA, SOC1, SOC2, ISO27001, FISMA, FedRAMP, GLBA, GDPR, PIPEDA, NY Cybersecurity Law, etc.) and industry-accepted practices in the security space.
The candidate will perform web application security assessments, integrate tools with Sorenson’s CI/CD pipeline, analyze source code, work with Product Delivery to validate vulnerabilities, prepare and present results, advise on results and assist in estimation, and follow up on remediation of ongoing vulnerabilities with Product Delivery and relevant stakeholders. This role will develop, define, maintain, and communicate application and cloud infrastructure security standards, and conduct application threat modeling assessments. This role will also participate in Security’s cyber-threat hunting program, investigating and responding to threats to Sorenson’s environment, conducting cyber forensic investigations, and collaborating with Network Security and the Security Operations Center to identify tactics and techniques for detection and prevention. This candidate may also participate in the development of new design and security strategies across Sorenson’s cloud-based applications, including infrastructure, platform and SaaS. Furthermore, this candidate will be responsible for supervising and developing staff.
In addition to the compliance and assessment requirements of the Application Security Architect’s role, the candidate will have the opportunity to contribute and lead other areas within the Information Security Program arena. This includes projects related to such topics as: Security Governance, IT Security Risk Assessment, Compliance, as well as various security initiatives.
Essential Duties and Responsibilities
- Collaborate with / provide hands-on training to engineering and QA teams to ensure secure development standards and secure coding best practices are followed.
- Work with engineering / IT teams to develop and maintain secure development practices.
- Work closely with functional-area architects, engineering, and security specialists throughout the company to ensure adequate security solutions and controls are in place throughout all IT systems, cloud systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
- Collaborate with Product Managers, Platform Leads, and Information Security teams, to design and implement secure solutions.
- Develop / maintain integrated testing processes with QA and security teams.
- Lead in defining and developing test plans and test automation to streamline security testing processes.
- Master security tools to provide SAST, DAST, SCA, WAP, CSPM, PaC and other security testing.
- Perform, review and assess the security testing completed on products and systems to ensure they meet security standards.
- Identify potential threats to, and opportunities for, Sorenson’s services and products.
- Document test findings & provide comprehensive test reports & analysis from test activities per regulatory requirements.
- Develop and maintain documentation and diagrams for security tools, system environments, and cloud operations.
- Work with the Cloud Operations / Engineering teams in the definition and implementation of cloud security standards and best practices.
- Provide technical advice to internal organizations and product owners on compliance and information security, specializing in application-level security and secure coding techniques.
- Support the regulatory compliance initiatives, processes, and documentation for ISO 27001, FedRAMP, SOC2, etc.
- Build automation to actively audit the infrastructure for security misconfigurations.
- Work within a DevOps security model so that security is automated and elastic across Sorenson platforms.
- Codify traditional security processes to take humans out of the equation making security consumable as a service.
- Develop security and compliance capabilities in support of DevOps processes.
- Collaborate with other engineers and the client team to continue finding new areas that can be improved by bringing a DevOps mindset to public clouds, private clouds, backup systems and monitoring solutions.
Supervisory Responsibility
This position has no supervisory responsibilities.
Travel Requirements
Less than 25%
Education
Minimum: 4-year Bachelor’s degree in Computer Science from an accredited non-profit university, with a GPA of 3.0 or higher.
Minimum Certification: One or more of the following certifications: GCSA, CISSP, or GCIH.
Preferred Certification: One or more of the following certifications: OSCP, AWS Solutions Architect Associate, AWS Certified Security Specialty, Azure Cloud.
Preferred Certification: AWS or Azure (Professional or Associate-level architect certification), AWS Certified Security Specialty, AWS Certified Solutions Architect Associate, Azure Architecture and Services, Azure Management and Governance.
Experience
Minimum of 3-5 years of verifiable professional experience in three or more of the following Information Security domains:
- Application Security / DevSecOps
- Security Architecture / Cloud Security Architecture
- Security technologies (e.g., firewalls, security event monitoring, IDS/IPS, malware detection)
- Governance, Risk and/or Compliance
- SIEM / XDR (e.g., Splunk, ELK, XDR, LogScale)
- Scripting / coding languages such as Python, JavaScript, Bash, Ruby-on-Rails, Java, Perl, C++
- Experience designing, testing and/or validating system controls, configuration, secure coding and other requirements.
- Experience in penetration testing or other security-related testing such as fuzz testing, software composition analysis, static analysis, abuse case testing and known vulnerability scanning
- Experience with the development, deployment and automation of security solutions in large enterprise environments to connect to cloud solutions such as AWS and Azure while maintaining secure operations
Knowledge, Skills, and Abilities
- Excellent documentation skills (e.g., solution workflow diagrams, system documentation, playbooks)
- Excellent written and verbal communication skills, including presentation skills
- Ability to conduct web application and mobile security assessments and handle vulnerability remediation of applications
- Able to clearly communicate risk to upper management and other key stakeholders
- Self-starter, independent, takes initiative to complete assignments, finds & resolves issues, gathers information, works with others, & grows team capabilities with minimal supervision
- Critical thinker, enjoys learning, excellent debug & problem-solving skills
- Proficient with JSON/YAML/Regex/SPL scripting, good with Bash and Python
- Understanding of or experience with industry and regulatory standards, including NIST 800-53, ISO/IEC 27001, AICPA SOC 2, PCI DSS, GDPR, CCPA, FedRAMP
- Demonstrable ability to build threat models and analyze security weaknesses in complex deployments with varying technology stacks
- Expertise in securing the integration of multiple environments across on-premises, multi-cloud, and hybrid architectures
- Working proficiency with work tracking systems such as JIRA
Company Summary
Our Mission: Harnessing the power of language, we connect diverse people and enrich the human experience.
Our Vision: To provide global language services that expand opportunities, nurture belonging, and empower the world to connect beyond words.
As one of the world’s leading language services providers, Sorenson combines patented technology with human-centric solutions. We strive to increase diversity, equity, inclusion, and accessibility for underrepresented people through communication solutions for all: call captioning and video relay services, over-video and in-person sign language and spoken language interpreting, translation, real-time captioning, and post-production language services.
Sorenson’s impact vision and plan extends to supporting employment opportunities for diverse employees, customers, and communities. As a minority-owned company, we are committed to expanding opportunities for underserved communities while promoting an inclusive workplace for our own employees.
Equal Employment Opportunity:
Sorenson Communications is an Equal Opportunity, Affirmative Action Employer.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)