AIR Worldwide (AIR), a Verisk business, provides risk modeling solutions that make individuals, businesses, and society more resilient to extreme events. In 1987, AIR Worldwide founded the catastrophe modeling industry and today models the risk from natural catastrophes, terrorism, pandemics, casualty catastrophes, and cyber attacks, globally. Insurance, reinsurance, financial, corporate, and government clients rely on AIR’s advanced science, software, and consulting services for catastrophe risk management, insurance-linked securities, site-specific engineering analyses, and agricultural risk management. AIR Worldwide, is headquartered in Boston with additional offices in North America, Europe, and Asia. To learn more about AIR, please visit us at: www.air-worldwide.com. We are proud to be a part of the Verisk family of companies! 

At the heart of what we do is help clients manage risk. Verisk (Nasdaq: VRSK) provides data and insights to our customers in insurance, energy and the financial services markets so they can make faster and more informed decisions.   

 Our global team uses AI, machine learning, automation, and other emerging technologies to collect and analyze billions of records. We provide advanced decision-support to prevent credit, lending, and cyber risks. In addition, we monitor and advise companies on complex global matters such as climate change, catastrophes, and geopolitical issues.   

But why we do our work is what sets us apart. It stems from a commitment to making the world better, safer and stronger.   

It’s the reason Verisk is part of the UN Global Compact sustainability initiative. It’s why we made a commitment to balancing 100 percent of our carbon emissions. It’s the aim of our “returnship” program for experienced professionals rejoining the workforce after time away. And, it’s what drives our annual Innovation Day, where we identify our next first-to-market innovations to solve our customers’ problems.   

At its core, Verisk uses data to minimize risk and maximize value. But far bigger, is why we do what we do.  

At Verisk you can build an exciting career with meaningful work; create positive and lasting impact on business; and find the support, coaching, and training you need to advance your career. We have received the Great Place to Work® Certification for the fifth consecutive year. We’ve been recognized by Forbes as a World’s Best Employer and a Best Employer for Women, testaments to our culture of engagement and the value we place on an inclusive and diverse workforce.  Verisk’s Statement on Racial Equity and Diversity supports our commitment to these values and affecting positive and lasting change in the communities where we live and work.  

AIR is looking for an Application Security Architect who will focus on ensuring that our architecture and software designs meet security requirements in a Cloud environment. You will work closely with our software and product management groups to develop requirements and follow best practices as we build secure products that is deployed in a Cloud environment. This role requires gaining solid technical knowledge of our software stack, great communication skills, and the ability to design and implement secure application architecture.

The Role:

The ideal candidate will be able to work with stakeholders, including IT, business, product, and software development team members to influence the application dataflow design and extensible product platform architecture.

The role will perform the following (but not limited to) tasks.

• Provide security architecture and advice in support of application development, infrastructure, and enterprise technology projects. Enable, and improve the security of the software solutions developed within the company.
• Identify any gaps in existing application security infrastructure to meet project requirements, work with the Product Management to identify and roadmap solutions.
• Knowledge of Cloud Security, Identity and Compliance related tools.
• Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications, and software.
• Define, document, and implement the application security architecture for new solutions including but not limited to the following:

            o Authentication & authorization

            o Account administration controls

            o Events Auditing

            o Data Security

• Identify architectural and other security risks associated with the solution and implement compensating controls where necessary.
• Perform code analysis, application security reviews, and develop an application security training program for developers.
• Design and develop security monitoring architectures for cloud and cloud/hybrid-based systems.

• Bachelor’s/Master's degree in technical field with 5+ years’ experience as Application Security Architect
• Establish architectural standards that enable DevSecOps practices such as infrastructure as code, and automated continuous integration/continuous deployment (CI/CD)
• Production experience architecting solutions within Amazon Web Services (AWS) and/or Microsoft Azure with focus on application security.
• Soft skills - effective communication (internal, customer, legal counsel), collaboration (internal, external) and effective written skills (white papers, vulnerability specifications etc.).
• Software development background of 4 -5 years.
• Integrate/enable security engineering automation (e.g., SAST, DAST, IAST) in the delivery pipeline.
• Experience in application security to perform static and dynamic code analysis.
• Aligning the secure development lifecycle to industry standards, including Microsoft SDL, OWASP Top 10 development guides, and Privacy/PII related topics (privacy-by-design).
• Practical experience in the Information Security Architecture field, with emphasis on application security architecture and Identity and access management.
• Working knowledge of relevant security regulations such as ISO and SOC2
• Cloud Security and Architecture related certifications a plus

 #LI-SH1 

Verisk Analytics is an equal opportunity employer.

All members of the Verisk Analytics family of companies are equal opportunity employers. We consider all qualified applicants for employment without regard to race, religion, color, national origin, citizenship, sex, gender identity and/or expression, sexual orientation, veteran's status, age or disability.

http://www.verisk.com/careers.html

Unsolicited resumes sent to Verisk, including unsolicited resumes sent to a Verisk business mailing address, fax machine or email address, or directly to Verisk employees, will be considered Verisk property. Verisk will NOT pay a fee for any placement resulting from the receipt of an unsolicited resume. 

Consumer Privacy Notice