Application Security Architect
Location: Minneapolis, Minnesota, United States
Company: Mercer
Job ID: R_053632-en
Mercer is a global consulting leader in talent, health, retirement, and investments. Mercer helps clients around the world advance the health, wealth, and performance of their most vital asset – their people. If you thrive on challenge, are passionate about delivering quality service, love solving problems, and truly enjoy connecting with people, we encourage you to explore the many job opportunities available through Mercer. Mercer is a wholly owned subsidiary of Marsh & McLennan Companies (NYSE: MMC), a global team of professional services companies offering clients advice and solutions in the areas of risk, strategy, and human capital. MMC has over 56,000 employees worldwide and annual revenue exceeding $12 billion. For more information, visit www.mercer.com or follow Mercer on Twitter @MercerInsights.
Reporting to the Director of Information Security, you will participate in the secure software development lifecycle (SSDLC) of Mercer applications. You will be part of the Mercer Information Security team and will collaborate with other IT teams, including operations, infrastructure and application development.
- Engage in new and existing application projects to provide guidance and direction with regard to all aspects of the SSDLC
- Assist in the identification, prioritization, and remediation of application vulnerabilities
- Leverage industry standard tools to map and model the application architecture and traffic flow to predetermine areas of focus for improving security and reducing risks.
- Design compensating controls and mitigation strategies to reduce technical and business risk with regard to application security and data protection
- Enhance and/or develop KPI reports showing remediation effectiveness and risk reduction
- Assist with other application security programs as needed
- Help define and continuously improve application vulnerability product and technology roadmaps
- Research industry best practices and maintain technical expertise to remain relevant in the industry
- Participate in the computer incident response team as required by providing Tier III support as needed to mitigate security incidents
- Bachelor's degree in computer science or information security, or 4 or more years in information security, with exposure to and knowledge of application vulnerability management
- Experience with adding security to the CI/CD pipeline
- Extensive deciphering and analysis of DAST and SAST findings
- Ability to remain current on security industry trends, attack techniques, mitigation techniques, security technologies and new and evolving threats
- A vast and diverse understanding of application coding practices, terminology, and remediation techniques for the OWASP Top 10 and SANS Top 25 is required
- Excellent interpersonal skills and ability to leverage cross-functional teams to drive changes in a complex environment
- Strong oral and written communication skills
- SANS training/certifications and CISSP preferred
Marsh & McLennan Companies offers competitive salaries and comprehensive benefits and programs including: health and welfare, tuition assistance, pension and 401K, employee assistance program, domestic partnership benefits, career mobility, employee network groups, volunteer opportunities, and other programs. For more information about our company, please visit us at: http://www.mmc.com/. We embrace a culture that celebrates and promotes the many backgrounds, heritages and perspectives of our colleagues and clients. For more information, please visit us at: www.mmc.com/diversity.