Applications Security Architect

Company Description:

Crown Equipment Corporation is a leading innovator in world-class forklift and material handling equipment and technology. As one of the world’s largest lift truck manufacturers, we are committed to providing the customer with the safest, most efficient and ergonomic lift truck possible to lower their total cost of ownership.

Job Posting External

Primary Responsibilities

• Define security architecture standards and blueprints for web, mobile, cloud, and Application Programming Interface (API)-based applications.
• Review design documents and perform architecture risk assessments for new and existing applications.
• Collaborate with DevOps, Engineering, and Infrastructure teams to ensure architectures align with secure design principles.
• Integrate automated security testing/scanning tools (Static Application Security Testing (SAST), Software Composition Analysis (SCA)) into Continuous Integration (CI) or Continuous Delivery (CD) pipelines.
• Define and enforce secure coding standards and practices across development teams.
• Provide training and guidance to developers on secure development principles and vulnerability prevention.
• Conduct threat modeling and attack surface reviews for high-risk or critical applications.
• Identify potential security flaws and recommend mitigations early in development process.
• Track and communicate technical risk to product managers, developers, and leadership teams.
• Develop and maintain application security policies, baselines, and architecture frameworks.
• Ensure application security practices align with regulations including General Data Protection Regulation (GDPR) and Payment Card Industry Data Security Standard (PCI-DSS).
• Support audit and compliance initiatives by providing documentation and evidence of secure development practices.

Minimum Qualifications

• Bachelor’s degree in Information Technology, Cyber Security, Computer Science, or related field is required, along with 2-4 years related experience. Non-degree considered if 12+ years of related experience along with a high school diploma or GED

Preferred Qualifications

• 5+ years in cybersecurity with at least 3 years in application security or secure software development experience.
• Secure Software Development Life Cycle (SDLC) in development. Deep knowledge of Open Web Application Security Project (OWASP) Top 10, National Institute of Standards and Technology (NIST), and secure coding frameworks.
• Experience with Securing Secrets and Service Accounts.
• Experience with Web Application Firewall (WAF) implementation/support.
• Familiarity with Identity and Access Management and cloud security practices (AWS, Azure).
• Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CISSP), Certified Ethical Hacker (CEH) certified.
• Familiarity with container security (Docker, Kubernetes).
• Experience in Threat Modeling.
• Understanding of authentication protocols (Open Authorization (OAuth) and Security Assertion Markup Language (SAML)).
• Experience with DEVSECOPStools and container security tools.

Work Authorization:

Crown will only employ those who are legally authorized to work in the United States. This is not a position for which sponsorship will be provided. Individuals with temporary visas or who need sponsorship for work authorization now or in the future, are not eligible for hire.

No agency calls please.

Compensation and Benefits:

Crown offers an excellent wage and benefits package for full-time employees including Health/Dental/Vision/Prescription Drug Plan, Flexible Benefits Plan, 401K Retirement Savings Plan, Life and Disability Benefits, Paid Parental Leave, Paid Holidays, Paid Vacation, Tuition Reimbursement, and much more.

EOE Veterans/Disabilities