Application Security Architect || Pan India || IT Security || IFS

Year    WB, IN, India

Job Description & Summary

Line of Service: Internal Firm Services
Industry/Sector: Not Applicable
Specialism: Operations
Management Level: Manager

A career in Information Technology, within Internal Firm Services, will provide you with the opportunity to support our core business functions by deploying applications that enable our people to work more efficiently and deliver the highest levels of service to our clients. You'll focus on managing the design and implementation of technology infrastructure within PwC, developing and enhancing both client and internal facing applications within PwC, and providing technology tools that help create a competitive advantage for the Firm to drive strategic business growth.




Our Information Technology Security team assists PwC in designing and creating sustainable security solutions to provide foundational capabilities and operational discipline through a focus on enterprise requirements and prioritisation, Information Technology security architecture, and the software development lifecycle.
PwC Job Information


Informal Job Title: Application Security Architect
Work Level (Job Profile):
PeopleSoft Job Title:
PeopleSoft Job Code: [PROVIDED BY HC]
Role (Function): Network Information Security (NIS)
Category:
Line of Service: IFS
Sub-Role (Job Family): NIS
Reports into what job: Application Security Consulting Manager
Additional Role Designator:
Direct Reports to this Job:


SECTION I: Job Summary


Briefly describe what this job is expected to accomplish, including the purpose and/or type of interactions with others (e.g., provides information to others within a unit; advises firm leadership on issues affecting the whole organization, etc.). Also explain the range of responsibility for this job in terms of financial budget managed, firm risk mitigated, magnitude of process ownership, responsibility for a unit, and supervisory responsibility.


Summary Description:


PwC is driving major change across information & cyber security by building a centralized model to provide security services across the entire member firm network.


Mandated at the network level, Network Information Security (NIS) operates outside IT & is responsible for this major program initiative, from definition of the security strategy to execution of the global Cyber Readiness Program, moving from local to centralized services.


Our mission is to identify, control & reduce the attack surface across the member firm network while increasing our adversaries' cost of attack.


In order to deliver the Cyber Readiness Program the NIS team is structured into the following Pillars:
• Information Security Risk & Compliance
• CISO
• Security Architecture, Engineering, Innovation & Transformation (SAEIT)
• Cyber
• Strategy & Alliances
• Chief of Staff
NIS is building the first global cyber security function at PwC. Our mission protects 300,000 PwC members across 160 member firms worldwide as well as our global clients.


If you are seeking an exciting career with the scope to grow your security skills through major change on a global scale, then NIS will empower you to do so.


NIS is responsible for the following services:
• Security Architecture
• Security Engineering
• Innovation
• Security Transformation
• Application Security
If you love designing & building security technology this is the place to be. Within NIS we work closely with the business to define the NIS 5 year security roadmap, gathering business requirements to combine PwC's goals with conceptual long term security trends and create a target architecture for NIS to deliver against. From this future state plan the Security Engineering team breaks down long term goals into manageable projects and looks to technical security solutions to solve business problems, designing & building security technology that spans the wider PwC network of firms. Once security technologies are built the NIS team works to assist technology teams in designing and deploying compliant applications.


Range of Impact:


• Employee possesses deep functional knowledge in a specific subject matter area or technical domain that is applied in the context of a broader understanding of the functional area and related systems and processes.
• The candidate will contribute to the development of new subject matter/technical domain expertise.
• Resolves complex problems by continuously applying significant independent judgment and by collaborating with others, and influences others through work on projects and in teams and/or through leading portions of larger projects.
• Demonstrates extensive-level abilities within Application Security.
• Encourages improvement and innovation within Application Security, and nurtures and develops less-experienced staff through coaching and written/verbal feedback.
• Performs Application Security tasks with autonomy.

SECTION II: Job Objectives & Key Metrics


Briefly describe essential responsibilities of the job in order of average time spent. Describe activities in terms of the expected end result and the level of functional expertise or specialized knowledge applied. List the key performance criteria that will be used to evaluate performance.


Responsibilities:
• Partner with technology delivery teams to assure that security is properly built in to the technology during the design phase
• Engage with development teams to educate them around secure designs & compliance with the Information Security Policy
• Champion use of NIS best practices and approved tools
• Perform security review as part of the application readiness review process (ARR)
• Provide consultation support on a variety of security related subjects

Metrics:
• Technologies are delivered through the ARR process with no security findings
• Consultation Services team is viewed as a resource that supports and assists in technology delivery
• Work with risk managers and business information security officers to mitigate risk for all technology deliverables


SECTION III: Requirements


List required education, prior experience, technical knowledge and skills, and certifications. Also indicate if there are specific competencies that are critical to success in this job. NOTE: The ten core competencies in the Responsibility Framework are applicable to all jobs.


Degree Preferred:


Bachelor Degree


Fields of Study:


Information Technology, Computer Systems Analysis, Management Information Systems, Computer Applications, Computer Engineering, Computer Programming


Certification(s):
• OSCP, CISSP, ITIL, OSCE, OSWE, CEH, or GWAPT Certifications are a major plus
Skills:


Required:
• The ideal candidate would be 50% programmer and 50% hacker. Examples of qualifications that resemble this profile are as follows:
• 3-5 years' experience in a software development field such as Software Developer, Architect, Software Quality Assurance, or Application Security Engineer
• Highly proficient in at least one of the following development languages: C#, C++, Java, .NET, Node.js, or Python
• Possess a strong understanding of application architectural patterns, such as MVC, Microservices, Event-driven etc.
• Creative, organized, responsive, and highly thorough problem solver
• Possess strong business acumen with ability to work with application development, QA and security teams
• Possess a restlessness or desire to break into things
• Knowledge of the OWASP Top 10
• Strong self-starter who has the ability to operate independently
• Has solid understanding and experience with establishing software development policies across an organization
• Excellent oral/written presentation skills with ability to communicate effectively with senior executive leadership; proficiency in preparation of presentations, analytical reports, and documents regarding program operational status, achievement and performance
• Knowledge of effective controls for Application Security, Cloud & Services Hosting, Identity and Access Management, Data Protection, Borderless Connectivity, Endpoint Security, and Cyber Security Operations
• Conversant with ISO 27002:2005/2013 information security standard
• Demonstrating architectural domain knowledge including cloud application architecture and container-based deployment
• Partnering with and enabling the development process to assure that security requirements are met while allowing for maximum speed to market
• Supporting a leading edge development effort by developing standardized reusable security frameworks
• Collaborating with multiple stakeholders across functional and technical skill sets
• Aligning business requirements to complex security architecture frameworks
• Managing multiple security assessments and changing priorities, simultaneously
Preferred:
• Understanding and Passion for Agile/XP/Scrum/Kanban
• Understanding of Test Driven Development built on User Stories
• Understanding of Continuous Integration/Testing/Delivery/CI/CD
• Familiarity with cloud architecture and services, such as AWS.
• Familiarity with Metasploit, Burp Suite, Fuzzing, and Jenkins is preferred.
• Familiarity with code reviews and penetration testing preferred.
SECTION IV: Travel Requirements & Special Circumstances


(e.g., percentage of travel time, frequency of expected site visits, whether virtual work arrangements are possible, etc.)


Percentage of travel time:


0-20%





Mandatory skill sets: Application Security, Security Architecture Design, Network Security, Cloud Applications

Preferred skill sets: Continuous Integrations, Cloud Architectures, Continuous Delivery

Years of experience required: 8

Qualifications: Bachelor's Degree in IT

Required Skills

Application Security, Cloud Applications, Network Security, Security Architecture Design
Optional Skills

Cloud Architectures, Continuous Delivery, Continuous Integrations
Job Detail

  • Job Id
    JD3417255
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Contract
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    WB, IN, India
  • Education
    Not mentioned
  • Experience
    Year