Skills in demand: Application Security Architect
The need for Application Security experts has grown dramatically as enterprise systems become more and more complex. While Application Security Engineers can be focused on a variety of enterprise or mobile applications, the Application Security Architect must understand how applications fit into a multi-tiered architecture. They must consider all system vulnerabilities and their relationship to each application from design/development through implementation and maintenance.
What it takes
This is a subject matter expert with strong knowledge of IT architecture, hardware, web security, identity and access management, application firewalls, intrusion detection as well as threats and vulnerabilities. AppSec Architects often have deep technical knowledge and hands on experience with secure code review, static analysis security testing, dynamic application security testing and strong knowledge of web development technologies. An overall understanding of complex systems and expertise in threat/attack modeling is critical as well as the ability to interact with cross-functional teams.
Base compensation can range from $150-200K, often with additional incentives. Independent contract rates can be higher.
– Domini Clark, principal, Blackmere Consulting; founder and director of strategy, InfoSecConnect.com.