Job Description

POSITION SUMMARY:

IPG is seeking a Software Security Architect to join the CISO group. The individual will be responsible for program management of the application security program including setting strategy and leading adoption of secure software development lifecycle (S-SDLC) program across IPG and its agencies.  Preference is given to candidates with a background in software development and a strong understanding of software development lifecycle. The ideal candidate is a good communicator, persuasive, analytical, understands risk and is knowledgeable in application development.  This is a position where the right candidate can build a world class software security organization.

ESSENTIAL FUNCTIONS:

Lead software security program strategy based on business needs
Evangelize the adoption of secure software development lifecycle methodology across enterprise
Manage implementation and adoption of centralized application security services.
Lead the assessment, metrics, and reporting of software security risk across IPG’s application portfolio
Chair the global software security working group
Act as primary point of contact for software security questions and mentoring for security champions
Engage with third party venders to deliver software security tools and services
Strong knowledge of or the ability & interest to learn common software risks (such as OWASP top 10)
Familiarity with threat modeling, software composition analysis, and vulnerability disclosure programs

EDUCATION, SKILLS AND EXPERIENCE REQUIREMENTS:

Bachelor of Science in Computer Information Systems, Computer Science, Information Systems Management, related field or equivalent work experience
6+ years of combined hands-on experience in software development, application engineering, and hosted applications.
Information Security certification or equivalent desired
Knowledge of NIST-800 and Cloud Information Security (CIS).Strong understanding of development methodologies, particularly Agile and DevOps.
Familiarity with static and dynamic application security, penetration testing and vulnerability assessment tools, such as Veracode, Checkmarx, Burp Suite and WPscan
Familiarity with API standards and implementation (OAuth, JWT, JWYKey, Public key encryption, OpenId).
Experience working with development technologies such as Microsoft .NET (C#), ASP.NET/MVC, WCF/Web API/REST, JavaScript frameworks, HTML+CSS3+Javascript.
Able to explain impact of vulnerabilities and mitigating strategies to application development teams.
Good oral and written communication skills

BENEFITS OF JOINING IPG:

One of our primary goals is to support the health and well-being of you and your family. Our compensation plan includes the following benefits, in addition to many others:

Healthcare Options

Medical
Dental
Vision
Prescription

Dependent and Health Care Flexible Spending Accounts
401(k) savings plan with company match
Flexible based Paid Time Off
Employee Assistance Program
Legal Assistance Plan
Tuition Reimbursement
Employee Stock Purchase Plan
Exclusive discounts on cell phones, gyms, and everyday purchases