Aspen Technology, Inc. Technical Director - CyberSecurity in Bedford, Massachusetts

Overview

As a leader of the Application Security and Compliance team, you will provide guidance and your expertise through product secure development life cycle processes, security of products, advice and evangelization of developers on application security best practices, and prescribe actions. We are looking for a sharp, disciplined, application software security subject matter expert (SME) with deep technical expertise in Security, Cryptography, Authentication, Application Security, etc. to fill a security engineering leadership role.

The ideal candidate will have experience in architecting, building and delivering innovative and proactive secure solutions that are resilient to even the most sophisticated attacks of today and tomorrow. As a member of the Technology organization, this position will work closely with application development teams, security engineering, quality assurance, and information security teams across the organization.

  • You will work with smart and passionate people to deliver results that have a direct impact on the company’s bottom line.

  • You will take on important and exciting responsibility from day one, working with key stakeholders across the company.

-You will be challenged to excel and lead alongside the brightest talent in the industry and be rewarded for your achievements.

Responsibilities

This candidate shall have:

  • Knowledge of software design principles, architecture guidelines, functioning of middleware & messaging systems, and Service Oriented Architecture (SOA)

  • The ability to test and verify the security of products, interpret results, identify and characterize fixes, advice and evangelize developers on best practices

  • The ability to be a cybersecurity change agent capable of defining and executing the strategy for cybersecurity initiatives independently and in alignment with the company business objectives

  • Thorough knowledge of the complete Secure Development Life Cycle(SDL) and the ability to implement/oversee the packaging and releasing of critical patches, which may include but not be limited to data corruption and security fixes

  • The ability to anticipate cybersecurity risks: understand how hackers think, business ethics, and the mandate to protect corporate interests

  • Knowledge of secure development best practices for highly distributed software products that run on-premise as well as in the cloud (IaaS, SaaS).

  • Knowledge of secure development best practices for Internet of Things (IoT) applications (sensor to edge to cloud). Experience with IIoT applications a plus.

  • Knowledge in the areas of software and network security, compliance, and control

  • Knowledge in various security, compliance, and control initiatives

  • Ability to communicate and collaborate at all levels including executive management, developers, QE engineers, IS and customer facing personnel

Responsibilities:

  • Define and execute the strategy for cybersecurity initiatives independently for the Technology organization and in alignment with the company product initiatives

  • Responsible for the policy, implementation, and oversight of the application security program for the Technology group

  • Audit compliance with executive, legislative and company mandates affecting cybersecurity programs

  • Provide leadership to leverage IT resources in order to improve the security of applications being developed

  • Monitor and evaluate the progress of the cybersecurity initiatives and their accomplishments

  • Collaborate with peers and development personnel to promote the scalability, configurability, performance, security, customizability, and quality in our products

  • Support the Technology organization to shape new product directions as well as implement the product strategy with the perspective of ensuring secure applications

  • Perform periodic reviews and assessments of security architecture of all products and enforce best practices to ensure that appropriate security functions have been included in the application software design and architecture

  • Adhere to standard processes such as issue tracking, source code control, coding conventions, and the software development life cycle (SDLC)

  • Optimize and tune performance of products with security features enabled

  • Direct the development and implementation of the security vulnerability scanning systems and security program within R&D

  • Advise senior management on major application security decisions

  • Responsible for the efficient management and safeguarding of resources and assures internal controls meet company standards

  • Maintain current knowledge of relevant technology as assigned.

Qualifications

  • 10+ years software development experience in one or more of.NET, C/C++ or C#(Java, JEE a plus)

  • Certified Information Security Professional (CISSP), and Certified Information Security Manager (CISM) certifications would be a very strong plus

  • Experience in using application security tool, such as IBM AppScanand Rapid7 Appspideris a plus

  • Experience in designing and building HTML5, CSS, JavaScript, XML, JSON, IIS Web Applications, Web Services, Enterprise Class Distributed Messaging Systems, and deep knowledge of integration patterns

  • Demonstrated ability working with Object-Oriented Design and other Software Patterns

  • Knowledge of lightweight UIs in HTML and JavaScript development

  • Good inter-personal, presentation and communication skills (special skills encouraged)

  • Experience in architecting, designing, developing, and debugging network-centric distributed software systems for the Enterprise

  • Experience in dealing with “Continuous Integration/build systems”

  • Proven history of working well in groups and with off-shore teams

  • Demonstrated ability to take on and be accountable in delivering initiatives without frequent supervision or assistance

  • B.S. or higher in Applied Math, Statistics, Computer Science, or related field; though Masters degree is not required, subject matter expertise in application software security is a must

Additional Requirements:

  • Proficiency in Enterprise System Security is required including Authentication, Authorization, Permissions, LDAP, Active Directory, SAML 2.0 tokens

  • Experience in implementing dynamic and secure web services; knowledge of WS* Web Services and REST is required. Experience in implementing security around Web Services will be considered plus

  • Experience Agile Software Methodology, Scrum, iterative software methodologies, and XP (Extreme Programming) would be a plus

  • Experience developing for and supporting mobile devices

  • Experience with Open Source in an Enterprise Application Software Development Environment a plus

  • Thorough understanding of Cryptography and its application in software development

  • Ability to prioritize and track multiple projects in parallel and experience running development teams using progressive methodologies

Aspen Technology is an Equal Opportunity Affirmative Action employer.

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.

Connect With Us!

Not ready to apply?for general consideration.

Req # 9765

# of Openings 1

Job Posting Category Information Technology