Apply for this job now

Software Security Architect (Early Career)

Cary, North Carolina
Job Type
4 Aug 2022
Job Description

Are you a problem solver, explorer, and knowledge seeker always asking, What if?

If so, then you may be the new team member were looking for. Because at SAS, your curiosity matters whether youre developing algorithms, creating customer experiences, or answering critical questions. Curiosity is our code, and the opportunities here are endless.

What we do

Were the leader in analytics. Through our software and services, we inspire customers around the world to transform data into intelligence. Our curiosity fuels innovation, pushing boundaries, challenging the status quo and changing the way we live.

What youll do

As a Software Security Architect in the Product Security Office (PSO) in our R&D division at SAS, you will be a key contributor to software security design efforts across all of Research and Development. Successful candidates will solve complex technical problems, work closely with engineering teams, and communicate clearly and effectively to technical audiences. You will work with engineering teams to make strategic technology recommendations, identify areas of opportunity for automation and improvement, and define plans to close security gaps and mitigate weaknesses. This position requires a diverse set of skills in application security, software development, and systems architecture. Your success will depend on your cooperative skills in working with R&D architecture and engineering teams across SAS.

You will:
  • Assist product teams and security champions in application vulnerability assessment, remediation, and mitigation.
  • Solve security problems associated with modern web languages and frameworks, including but not limited to JavaScript (front and backend), Java, Go, Python and others.
  • Collaborate on developing and promoting secure design patterns and technical standards for IOT, web, mobile, cloud applications, and digital services.
  • Actively partner with product teams to review their secure design/architecture, perform threat models and risk assessments, and recommend suitable controls as appropriate.
  • Diagnose, triage, and propose remediations for vulnerabilities and weaknesses in code and applications, considering code, design, and deployment.
  • Assist in the development and successful execution of the SAS software security strategy by contributing to security standards, best practices, and training initiatives.
  • Create and update knowledge base and documentation related to product security processes and projects
  • Drive integration of application security tools and practices, including SCA, SAST, DAST, IAST, and WAF, into the enterprise DevOps practice and CI/CD pipeline.
  • Codify secure development and secure testing knowledge into reusable snippets/artifacts and curating them for continual consumption by product teams.
  • Partner with product security leads (PSLs) and software security architects to drive security projects, processes, and initiatives within one or more of the Product Security Offices technical focus areas (cloud security, secure architecture, vulnerability management, penetration testing, automation, test/abuse case research, etc.)

What were looking for
  • You have a Bachelors degree in in Data Communications, Electrical Engineering, Computer Science, Cybersecurity, or a related field.
  • 2+ years of recent or current software development experience in order to review code and be comfortable in guiding developers towards security practices.
  • Experience with one or more of the following programming languages: Python, Java, JavaScript, C/C++, PHP, SQL, Golang.
  • Youre curious, passionate, authentic and accountable. These are our values and influence everything we do.

The nice to haves
  • 1+ years of experience in the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services.
  • Application security professional certifications.
  • Some experience with:
    • Software security in enterprise environments
    • Unix and Windows scripting languages.
    • Cloud technologies, Azure, AWS, GCP, Oracle, or IBM.
    • Software security tools, such as Veracode, Black Duck, Metasploit, Checkmarx, SonarQube.
    • Security requirements, standards, and practices including NIST CSF, NIST 800-53, ISO 27001, PCI-DSS, SOC2 OWASP Top 10, SANS Top 25, etc.
    • Web Application Security Tools, such as ZAP, Wfuzz, Grabber, Burp, Vega, W3af.
    • DevSecOps practices.
    • Securing open-source software (OSS) supply chains.
    • Secure application development.
    • Microservice architecture, APIs, containerization, cluster orchestration, Kubernetes, and Docker.
    • Penetration testing and ethical hacking techniques.
    • Remediating common vulnerabilities from OWASP 10 and SANS 25.
    • Mitigating common security risks in cloud applications and web APIs.
    • Security protocols, cryptography, authentication, authorization.
    • Testing methods such as SCA/SAST/DAST/IAST.
    • Working in CI Systems such as Jenkins.
    • Reviewing and contributing to secure application designs and solutions.


Cary HQ office or remote for the right candidate. Preference for Eastern Standard Time (United States only).

  • We love living the and believe that happy, healthy people have a passion for life, and bring that energy to work. No matter what your specialty or where you are in the world, your unique contributions will make a difference.
  • Our multi-dimensional culture blends our different backgrounds, experiences, and perspectives. Here, it isnt about fitting into our culture, its about adding to it - and we cant wait to see what youll bring.

Additional Information:

To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status. SAS is an equal opportunity employer. All qualified applicants are considered for employment without regard to race, color, religion, gender, sexual orientation, gender identity, age, national origin, disability status, protected veteran status or any other characteristic protected by law. Read more: Equal Employment Opportunity is the Law. Also view the supplement EEO is the Law, and the Pay Transparency notice.

Equivalent combination of education, training and experience may be considered in place of the above qualifications. The level of this position will be determined based on the applicant's education, skills and experience. Resumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.

In order to work at SAS, you must be fully vaccinated against COVID-19. If there is a medical or religious reason preventing you from receiving an available COVID-19 vaccination, and you are selected as a candidate for consideration, we have an accommodations process in place to evaluate those requests.

All valid SAS job openings are located on the Careers page at . SAS only sends emails from verified email addresses and never asks for sensitive, personal information or money. Should you have any doubts about the authenticity of any type of communication from, for, or on behalf of SAS, please contact us at before taking any further action.

Apply for this job now


  • Job Reference: 677703116-2
  • Date Posted: 4 August 2022
  • Recruiter: SAS Institute Inc
  • Location: Cary, North Carolina
  • Salary: On Application
  • Sector: I.T. & Communications
  • Job Type: Permanent