Application Security Architect

About Kraken

Our mission is to accelerate the adoption of cryptocurrency so that you and the rest of the world can achieve financial freedom and inclusion. In our first decade, Kraken has risen to become one of the largest, most successful and respected crypto exchanges on the planet.

We are changing the way the world thinks about finance and our range of successful products are playing a critical role in the mainstream adoption of crypto assets. We continue to trail-blaze into new territory with the introduction of Kraken Bank, providing a more seamless integration between crypto and the traditional financial system. This makes us the first crypto company (ever) to be awarded a U.S. state banking charter.

Our diverse group of 2,000+ Krakenites are distributed all over the world as part of our 'remote first' culture, united by a shared passion for delighting customers, upholding crypto values and achieving our meaningful mission. We attract people who push themselves to improve, are radically transparent and think differently in order to unlock their potential.

Crypto is a rapidly evolving industry and we’re just getting started. We’re growing fast and you're invited to join the revolution!

We are seeking to add an Application Security Architect to our growing team. This individual will utilize a combination of business process analysis, technical process analysis and technical expertise to develop enterprise architecture security deliverables. This role will analyze the relationships of the various IT components and business processes to define approaches that provide significant value to our clients by driving appropriate security strategies. This role will work closely with project decision makers and business leaders as well as varying levels of technologists requiring this individual to have solid communication skills with all levels of an organization. Additionally, this individual would be responsible for developing advanced enterprise security ideas aligned with key industry standards that can guide our security offerings into the future.

Responsibilities

• Build strong client relationships and effectively influence staff at all levels of client organizations.
• Advise senior management on security risks.
• Translate security risks to business impact.
• Consult and facilitate delivery of Information Security strategic goals and initiatives for clients
• Assists in the evaluation and threat modelling of overall risk for systems (including data), accounting for the people, processes, and technologies that provide security controls
• Architects, prioritizes, coordinates and communicates the choice of security technologies necessary to ensure a highly secure yet usable computing environment
• Provide security architecture and advice in support of application development, infrastructure, and enterprise technology projects.
• Coordinate with various project teams to communicate the necessity of security requirements and design constraints.
• Identify any gaps in existing application security infrastructure to meet project requirements, work with leadership to identify and roadmap solutions.
• Perform code analysis, application security reviews, and assist with our application security training program.
• Remains current with security technologies and make recommendations for use based on business value.
• Maintains an expert knowledge in the field of Information Security and the related issues, systems, processes, products, and services.
• Provide training and mentoring to security and engineering teams.

Qualifications

• Solid history of designing, developing, or customizing application authentication and authorization systems.
• Understanding of the OWASP Top 10 application security risks and how to address them.
• Working knowledge of OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM).
• Strong working knowledge of enterprise software technologies, application security, and infrastructure.
• Working knowledge of cloud computing platform offerings and security related services.
• Hands on experience with encryption, hashing, secure random number generation, key derivation, key management, digital signatures, etc. in one or more major development languages.
• Core understanding of web application security scanning software and related penetration testing tools
• General knowledge of core security networking concepts like TLS, SSH, DNS, Firewalls etc.
• Solid understanding of cloud architecture as well as on premise IT landscape.
• General understanding of regulatory compliance and how it relates to application security and privacy.
• Applicable certification strongly preferred (e.g.,etc.) or obtained within 6 months of employment
• Strong communication skills, both written and verbal.
• Good presentation skills.
• Ability to articulate technically advanced issues to all audiences.
• Highly seasoned in organizational, time management, decision making and problem solving skills
• Ability to mentor and train internal and client teams.
• Ability to work under pressure, establish priorities and respond with urgency.

Experience/Education

• Bachelor's degree or equivalent experience
• 5+ years of advanced security experience.
• Minimum of 7 years application development experience
• Applicable certification strongly desired (CISSP, CISSP - ISSAP, CEH, OSCP, etc.) or obtained within 6 months of employment.

Most important criteria is a strong desire to be part of a high performing team, providing quality solutions and experience.

We’re powered by people from around the world with their own unique backgrounds and experiences. We value all Krakenites and their talents, contributions, and perspectives.

Deadline for applications: 16.02.2022.