Application Security Architect

Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a global, integrated healthcare services and products company connecting patients, providers, payers, pharmacists and manufacturers for integrated care coordination and better patient management. Backed by nearly 100 years of experience, with more than 40,000 employees in nearly 60 countries, Cardinal Health ranks among the top 25 on the Fortune 500.

We currently have a full-time career opening for an Application Security Architect.

Department Overview

Covering the full solution stack, the Solution Security Architecture team develops and implements security strategies, provides security architecture and design services to solution teams, and publishes secure patterns and examples that guide secure solution implementation. Founded on the key principle of “Build Security In”, the Solution Security Architecture team works closely with application, platform, and network teams to embed security into their build processes.

Accountabilities in this role

In this role, the Application Security Architect will be responsible for enabling teams to embed security into their application development / software engineering processes. The Application Security Architect will be accountable to:

  • Evolve and execute the application security strategy
  • Ensure the security of Cardinal Health products and solutions by working closely with product teams, engineers and testers, acting as the interface between the project team and the information security team
  • Work with information security, application architects and solution teams to develop secure coding best practices with samples and documentation for key concepts, including enterprise identity management, ESAPI, encryption, and Web Services
  • Collaborate with Security Operations to accomplish dynamic scanning and manual penetration testing
  • Prioritize applications for scanning through risk evaluation
  • Assist teams with triage of scan results and remediation advice, providing code examples when needed
  • Support tools used for security scanning, providing assistance to teams, working with vendors to resolve issues, managing upgrades, etc.

Qualifications

  • Proven programming experience with Java and a working knowledge of JavaScript and .NET
  • Working knowledge of other programming languages including C, C++, Swift, and Python a plus
  • Experience with CI/CD tools such as Jenkins and Concourse
  • Understanding of secure coding practices and common web vulnerabilities (OWASP Top 10) with the ability to identify and remediate the vulnerabilities
  • Exposure to security controls such as static scanners, dynamic scanners, web proxies, and web application firewalls
  • Experience performing code reviews and vulnerability assessments as part of the software development lifecycle and experience working with application security tools such as Veracode and Burp Suite are a plus
  • Strong written and verbal communication skills and the ability to interact well with different levels within the organization
  • BS in computer science or related discipline, or equivalent