Company: MercerDescription:Mercer is seeking candidates for the following position based in Melbourne or Sydney:Application Security ArchitectWhat can you expect?Mercer Information Security is looking for an Application Security Architect to play a key role in ensuring the security of Mercer's application systems. As part of the Information Security team, you will work closely with application, infrastructure, operations, and other technical teams to review and deliver secure application systems. Reporting to Mercer's Application Security Architect Lead, you will be the dedicated information security resource supporting the Asia Pacific business.What is in it for you?
- Hybrid working environment.
- Leading training and development programs.
- Professional environment where your career path really matters and is supported in our global organization.
- Great team of supportive colleagues.
- Support Mercer Information Security strategies and fundamentally ensure the security of the information Mercer is entrusted to protect.
- Review and provide security recommendations for Engineering Design Diagrams.
- Engage in new and existing application projects to provide guidance and direction for all aspects of the Secure Systems Development Life Cycle (SSDLC).
- Work with business and IT to create data flow diagrams.
- Assist with assessing and remediating BitSight Score findings.
- Assist in the identification, prioritization, and remediation of application vulnerabilities.
- Help define and continuously improve application vulnerability product and technology roadmaps.
- Leverage industry-standard tools to map and model the application architecture and traffic flow to predetermine areas of focus for improving security and reducing risks.
- Assist with Mercer's security program, client security requests, audits, risk exceptions, and questionnaires.
- Liaise with Marsh McLennan colleagues and stakeholders and navigate the system to continue with the IT deployment plan in place to achieve the business objectives.
- Integrate Mercer's security framework with Marsh McLennan policies.
- Understanding of application coding practices, terminology, and remediation techniques for OWASP top 10 and SANS top 25 are required.
- A bachelor’s degree or equivalent work experience in computer science, information systems, informatics, cybersecurity, or a related field.
- 3+ years of experience in a technical cybersecurity role, with experience in cloud security and cloud system implementation.
- Exceptional technical acumen, with a deep understanding of IT systems, emerging technologies, and cybersecurity practices.
- Experience with adding security to the CI/CD pipeline.
- Experience remediating findings found by cybersecurity rating firms.
- Ability to remain current on security industry trends, attack techniques, mitigation techniques, security technologies, and new and evolving threats.
- Excellent interpersonal skills and ability to leverage cross-functional teams to drive changes in a complex environment.
- Strong oral and written communication skills.
- SANS training/certifications and CISSP are preferred.
- Experience with cloud computing environments.