Hilton Principal Application Security Architect in McLean, Virginia

***This position can be based out of one of two corporate office locations: McLean, VA or Dallas, TX***

From smartphone capabilities like Digital Key to connected rooms that allow for integrated entertainment, temperature, and lighting controls, Hilton’s Global Technology team is responsible for building the hospitality experience of the future – for our guests, owners, and Team Members. Through innovative technology development and deployment, this team ensures Hilton has the technology needed to support our continued global growth while remaining at the forefront of hospitality technology innovation.

What will I be doing?

As the Principal Application Security Architect, you will be an influential leader, who will work across a heavily matrixed global organization to creatively drive secure architecture for customer applications across the enterprise, as well as motivating people to perform through vision, management, focus, and discipline. You will be translating cyber security strategies into specific goals, action plans, and the work you are doing.

You will play a dynamic role in maintaining the controls that enable our organization to operate efficiently, cost effectively, and within compliance standards. As a principal security architect, you will author, review, and assist others in interpreting, understanding, and applying information security policies and standards to mitigate information security risks. This position works closely with other members of the Information Security and Legal Compliance organizations, in a coordinated and focused manner.

More specifically, you will:

  • Craft and maintain security architecture strategies, patterns, standards, and guidelines, which balance business priorities, information security risks, emerging threats, and standard methodology security application architecture to ensure the confidentiality, integrity, and availability of Hilton information assets.
  • Develop advanced security solutions to meet the requirements of key partners to ensure that solutions are secure, technically proficient, performance efficient, and fit into Hilton’s architecture models.
  • Own the evaluations of technologies and software products to determine the feasibility and desirability of incorporating their capabilities within the Hilton product suite.
  • Guide and contribute extensively to the ongoing collection, development, review, and adoption of architecture and development standards and standard methodologies.
  • Actively participate in the governance process associated with application security and technology standards.

What are we looking for?

Success in this role is demonstrated through the following attributes and skills:

  • Knowledge of hotel-based Information Technology (IT) systems and applications
  • Deep understanding of the security requirements lifecycle process and software development lifecycle (SDLC)
  • Strong working knowledge of Atlassian Stack, Node.js, React, Relay, GraphQL, and NoSQL databases such as Couchbase
  • Experience developing and authoring application security architectures, standards, and guidelines
  • Experience communicating application security requirements and risk to IT teams and business partners
  • Experience reviewing application design, software framework, and infrastructure to identify risks. Capable of assessing underlying components (e.g., databases, servers), configuration, and security access controls
  • Experience with static code scan tools (e.g., Fortify, Checkmarx) and dynamic scanning tools (e.g., Rapid7, AppScan, Burp, Qualys)
  • Experience working with development methodologies (e.g., Waterfall, Agile, RUP)
  • Knowledgeable on industry standards, guidelines, and regulatory compliance requirements related to information security and cloud computing (e.g., GDPR, ISO 27001, Cloud Security Alliance, NIST 800-53, PCI DSS, SOC2)

To fulfill this role successfully, you must possess the following minimum qualifications and experience:

  • BA/BS Bachelor’s Degree or an Associate’s Degree plus ten (10) years of related IT experience or a High School Diploma/GED plus twelve (12) years of related IT experience
  • Eight (8) years of experience combined with exposure to product development and web development on J2EE platforms
  • Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) Certifications
  • Travel up to 30% of the time

It would be advantageous in this position for you to demonstrate the following capabilities and distinctions:

  • MA/MS Master's Degree in Information Technology, Computer Science or Computer Engineering
  • Two (2) years working with AWS/Azure Cloud design and architecture, such as SaaS, IaaS and/or PaaS
  • Certification in CISSP

What will it be like to work for Hilton?

Hilton is the leading global hospitality company, spanning the lodging sector from luxurious full-service hotels and resorts to extended-stay suites and mid-priced hotels. For nearly a century, Hilton has offered business and leisure travelers the finest in accommodations, service, amenities and value. Hilton is dedicated to continuing its tradition of providing exceptional guest experiences across its global brands. Our vision “to fill the earth with the light and warmth of hospitality” unites us as a team to create remarkable hospitality experiences around the world every day. And, our amazing Team Members are at the heart of it all!

Job: Information Technology/Systems

Title: Principal Application Security Architect

Requisition ID: INF0109N

EOE/AA/Disabled/Veterans