Principal Security Technical Architect, Digital & Mobile eCommerce
Similar Industry Titles and Key Words: eCommerce Security Architect, Enterprise Security Architect, Lead Security Architect, Digital Security Architect, Mobile Security Architect

About This Opportunity

Use your skills, experience and talents to be a part of groundbreaking thinking and visionary goals. As a Principal Security Technical Architect, you'll take the lead as you…
- Improve the security of Target's digital platforms, accessed on the Web and via mobile devices and delivered via services in traditional data centers and in the Cloud, by winning senior leadership and business partners over to your strategic technology priorities.
- Leverage advanced warning about new threat patterns from Target's Threat Intel and Threat Detect groups to design countermeasures that anticipate threat actors' next pivot within our platform architecture.
- Maintain alignment between security product roadmaps and expected business application requirements.
- Ensure the ongoing ability of systems to satisfy regulatory compliance (PCI, GLBA, SOX, EU GDPR, etc.) with minimum evidentiary effort, using compliance scoping strategies that favor data devaluation (for example tokenization) and endpoints capable of determining their own level of trust.
- Educate Target Digital and Mobile engineering teams on web application security defense (AppSec) to build better security into their products.
- Champion the security advantages that can arise from an Agile/DevOps approach to IT management.
- Assist engineering teams in developing secure solutions by seeding reference implementations side-by-side with them.
- Mentor and lead security and non-security engineers to develop future leaders.

Required skills
- BA/BS or equivalent experience
- Can demonstrate personal, sustained, multi-year impact on the total security posture of eCommerce system(s) serving millions of requests per day at peak utilization
- Functional understanding of gift card aftermarket
- Capable of expressing security solutions using pseudo-code logic or actual programming language semantics
- Can build within technologists a working knowledge of the ways in which Internet-accessible workloads are attacked and defended (the OWASP Top 10 from the past 3 years). Examples include: cross-site scripting (XSS), cross-site request forgery (XSRF), command injection and SQL injection (SQLi), TLS downgrade and padding-oracle attacks, password spraying, etc.
- Has led teams in implementing modern Internet application architectures that securely balance high scale and low latency against data consistency (the consistency/availability trade-off the CAP theorem forces on partition-tolerant systems)
- Can build RESTful services for Web and Mobile applications
- Conveys technical solutions clearly to audiences with varying levels of technical background, from retail business leaders to software development leads
- Ability to provide work direction to a small team as needed

Preferred skills
- Prior work as a PCI Qualified Security Assessor (QSA) auditing large retailers
- Direct experience implementing consumer-facing multi-factor authentication techniques, social media federation, OAuth and SAML
- Direct experience implementing security controls to prevent account takeover, botnet-driven automated abuse, and distributed denial of service (DDoS) attacks
- Working understanding of security challenges of Internet of Things devices
- Experience using Content Delivery Networks (CDNs) and traffic shaping to accelerate digital systems
- Large retail background a plus