Applications Security Architect

Job Posting External

Primary Responsibilities

• Define security architecture standards and blueprints for web, mobile, cloud, and Application Programming Interface (API)-based applications.
• Review design documents and perform architecture risk assessments for new and existing applications.
• Collaborate with DevOps, Engineering, and Infrastructure teams to ensure architectures align with secure design principles.
• Integrate automated security testing/scanning tools (Static Application Security Testing (SAST), Software Composition Analysis (SCA)) into Continuous Integration (CI) or Continuous Delivery (CD) pipelines.
• Define and enforce secure coding standards and practices across development teams.
• Provide training and guidance to developers on secure development principles and vulnerability prevention.
• Conduct threat modeling and attack surface reviews for high-risk or critical applications.
• Identify potential security flaws and recommend mitigations early in development process.
• Track and communicate technical risk to product managers, developers, and leadership teams.
• Develop and maintain application security policies, baselines, and architecture frameworks.
• Ensure application security practices align with regulations including General Data Protection Regulation (GDPR) and Payment Card Industry Data Security Standard (PCI-DSS).
• Support audit and compliance initiatives by providing documentation and evidence of secure development practices.

Minimum Qualifications

• Bachelor’s degree in Information Technology, Cyber Security, Computer Science, or related field is required, along with 2-4 years related experience. Non-degree considered if 12+ years of related experience along with a high school diploma or GED

Preferred Qualifications

• 5+ years in cybersecurity with at least 3 years in application security or secure software development experience.
• Secure Software Development Life Cycle (SDLC) in development. Deep knowledge of Open Web Application Security Project (OWASP) Top 10, National Institute of Standards and Technology (NIST), and secure coding frameworks.
• Experience with Securing Secrets and Service Accounts.
• Experience with Web Application Firewall (WAF) implementation/support.
• Familiarity with Identity and Access Management and cloud security practices (AWS, Azure).
• Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CISSP), Certified Ethical Hacker (CEH) certified.
• Familiarity with container security (Docker, Kubernetes).
• Experience in Threat Modeling.
• Understanding of authentication protocols (Open Authorization (OAuth) and Security Assertion Markup Language (SAML)).
• Experience with DEVSECOPStools and container security tools.