Applications Security Architect

Job Posting External

Primary Responsibilities

• Define security architecture standards and blueprints for web, mobile, cloud, and Application Programming Interface (API)-based applications.


• Review design documents and perform architecture risk assessments for new and existing applications.


• Collaborate with DevOps, Engineering, and Infrastructure teams to ensure architectures align with secure design principles.


• Integrate automated security testing/scanning tools (Static Application Security Testing (SAST), Software Composition Analysis (SCA)) into Continuous Integration (CI) or Continuous Delivery (CD) pipelines.


• Define and enforce secure coding standards and practices across development teams.


• Provide training and guidance to developers on secure development principles and vulnerability prevention.


• Conduct threat modeling and attack surface reviews for high-risk or critical applications.


• Identify potential security flaws and recommend mitigations early in development process.


• Track and communicate technical risk to product managers, developers, and leadership teams.


• Develop and maintain application security policies, baselines, and architecture frameworks.


• Ensure application security practices align with regulations including General Data Protection Regulation (GDPR) and Payment Card Industry Data Security Standard (PCI-DSS).


• Support audit and compliance initiatives by providing documentation and evidence of secure development practices.

Minimum Qualifications

• Bachelor’s degree in Information Technology, Cyber Security, Computer Science, or related field is required, along with 2-4 years related experience. Non-degree considered if 12+ years of related experience along with a high school diploma or GED

Preferred Qualifications

• 5+ years in cybersecurity with at least 3 years in application security or secure software development experience.


• Secure Software Development Life Cycle (SDLC) in development. Deep knowledge of Open Web Application Security Project (OWASP) Top 10, National Institute of Standards and Technology (NIST), and secure coding frameworks.


• Experience with Securing Secrets and Service Accounts.


• Experience with Web Application Firewall (WAF) implementation/support.


• Familiarity with Identity and Access Management and cloud security practices (AWS, Azure).


• Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CISSP), Certified Ethical Hacker (CEH) certified.


• Familiarity with container security (Docker, Kubernetes).


• Experience in Threat Modeling.


• Understanding of authentication protocols (Open Authorization (OAuth) and Security Assertion Markup Language (SAML)).


• Experience with DEVSECOPStools and container security tools.