Senior Lead Engineer/Information Security Architect - Hybrid Must have EXCELLENT communication skills Location: McLean, VA or Dallas, TX or Memphis, TN - Must be open to working onsite location 2-3days a week Duration: 12 months possibly longer W2 Only As Senior Lead Engineer for the Application Security Architecture team, you will work closely with application team to help implement security solutions that are tailored to the specific risks facing the organization. You will be an influential technical lead, who will be work across a heavily matrixed global organization to aggressively drive secure discipline for customer and enterprise applications, as well as lead cybersecurity function for critical Hilton platforms.

You will play an important role to help manage the compliance of policies and standards as a function of an end-to-end SDLC project lifecycle. Position Summary: As a Senior Lead Engineer, Application Security Architecture, you will play a meaningful role in maintaining the controls that enable our organization to operate efficiently, cost effectively, and within compliance standards. Engineers will also assist others in interpreting, understanding, and applying the information security policies and standards to mitigate information security risks.

This position works closely with other members of the Information Security and the Legal Compliance organizations, in a coordinated and focused manner. Specifically, you will be responsible to: Develop advanced security solutions to meet the requirements of key stakeholders to ensure that solutions are secure, scalable, available, resilient, technically proficient, performance efficient, and fit into overall Hilton's architecture models. Create and maintain security architecture strategies, patterns, standards, and guidelines which balance business priorities, information security risks, emerging threats, and best practice security application architecture to ensure the confidentiality, integrity, and availability of Hilton information assets.

Continuously evaluate the organization's existing application security practices, help define and measure security-related activities, and demonstrate concrete improvements to the application assurance program within the organization. Lead the evaluations of technologies and software products to determine the feasibility and desirability of incorporating their capabilities within the Hilton product suite. Guide and contribute extensively to the ongoing collection, development, review and adoption of architecture and development standards and best practices.

Actively participate in the governance process associated with application security and technology standards. Use coding languages or scripting methodologies to solve a problem with a custom workflow. Qualifications Working knowledge of one or more following technologies: Atlassian Stack, Node.

js, react, relay, Graphql and NOSQL database such Couchbase. Experience with AWS Cloud environment and cloud security concepts and architecture. Experience reviewing application design, software framework, and infrastructure to identify issues.

Capable of assessing underlying components (eg, databases, servers), configuration, and security access controls. Experience with static code scan tools (eg, Fortify, Checkmarx) and dynamic scanning tools (eg, Burp, Qualys). Experience with development CI/CD tools such as Git, Jira, GitLab, or Jenkins.

Familiarity with container orchestration services, especially Kubernetes. At least three years experience and proficient in a one of the public clouds such as AWS, Azure, GCP or Alicloud. Experience developing and authoring application security architectures, standards, and guidelines.

Experience communicating application security requirements and risk to IT teams and business partners. Experience reviewing application design, software framework, and infrastructure to identify risks. Capable of assessing underlying components (eg, databases, servers), configuration, and security access controls.

Experience with DevSecOps and integrating security tools into a secure CI/CD pipeline. Required Qualifications Minimum Education: BA/BS in Information Technology, Computer Science, Computer Engineering, or equivalent work experience. Minimum Years of Experience: 5+ years of experience combined with exposure to product development and web development on J2EE platforms or alternate technology stacks.

Minimum 3 years of experience working with AWS Cloud technologies or alternate public cloud providers. Minimum Years of Experience: 3+ year of product development and web development on J2EE platforms or alternate technology stacks. Preferred Qualifications Minimum Years of Experience: 3 yr.

+ experience working with AWS/Azure Cloud design and architecture eg, SaaS, IaaS, PaaS Certification: CISM (Certified Information Security Manager) or CISSP (Certified Information Systems Security Professional)