Responsibilities
The Application Security Architect partners with software development, platform, cybersecurity, and cloud engineering teams to embed security throughout the modern software development lifecycle (SDLC). This role focuses on secure-by-design practices, DevSecOps strategy, roadmap and enablement, and risk-based vulnerability management across internally developed, third-party, SaaS, and cloud-native applications. The AppSec Architect serves as the strategic owner of the Application Security Roadmap, defines target-state AppSec maturity aligned to business growth, and prioritizes AppSec investments and tooling rationalization. The role serves as a trusted advisor to development teams and the key contributor to the organization's overall Secure Software Development Program.
Key Responsibilities
Secure SDLC & DevSecOps
- Embed application security controls into CI/CD pipelines, including automated SAST, DAST, IAST, SCA, secrets detection, and IaC scanning.
- Establish standardized security controls across platforms.
- Design exceptions and compensating controls.
- Partner with development teams to implement shift-left security while maintaining delivery velocity.
- Define and maintain secure coding standards, security design patterns, and reference architectures.
- Participate in architecture and design reviews, including threat modeling for new applications and major changes.
- Perform research and development (R&D) into existing processes and tooling opportunities.
Application & Cloud Security Assessment
- Identify and assess security risks in web, mobile, API, SaaS, and cloud-native applications developed internally or by third parties.
- Perform or coordinate:
  - Source code reviews (manual and automated)
  - Application vulnerability assessments and penetration tests
  - API and microservices security testing & analysis
  - Cloud configuration and IaC security reviews
- Validate findings, reduce false positives, and prioritize remediation based on business risk.
- Establish reusable security architecture patterns for cloud-native and distributed systems.
Vulnerability & Risk Management
- Manage application security findings through a centralized vulnerability or risk management platform.
- Work with development teams to define practical, risk-based remediation guidance.
- Track remediation progress, verify fixes, and support exception/risk acceptance processes.
- Contribute to application security metrics, KPIs, and executive-level reporting.
- Translate technical debt and vulnerabilities into business risk and exposure.
Open Source & Supply Chain Security
- Assess and manage risks related to open-source dependencies, libraries, and third-party components.
- Support Software Composition Analysis (SCA) and software supply chain security initiatives (e.g., dependency hygiene, SBOMs).
- Evaluate the security posture of third-party applications and vendors in collaboration with the risk management team.
- Verify compliance with third-party component licensing models.
Software Compliance
- Lead software compliance activities related to application vulnerabilities, data exposure, or insecure design.
- Support application-related forensic analysis and root-cause investigations.
- Assist with compliance and assurance activities related to secure development (e.g., NIST, ISO, SOC, internal audits).
Enablement & Education
- Develop and deliver application security training for developers and the cybersecurity team.
- Provide hands-on guidance and documentation to improve developer security maturity.
- Act as a security champion advocate, helping teams make informed security decisions.
Required Education, Experience, and Skills
- High School Diploma/GED Required
- Bachelor's Degree (Technical Degree Preferred) and 6 Years Relevant Experience OR 8 Years Relevant Experience
- 12+ years of combined experience across software engineering, platform/cloud engineering, application security, & DevSecOps / SRE with strong cybersecurity ownership preferred
- 5+ years in hands-on software engineering or platform/cloud engineering preferred
- 7+ years in application security, DevSecOps, or secure architecture preferred
- Strong understanding of modern SDLCs, Agile, and CI/CD practices.
- Hands-on experience with at least one major programming language (e.g., Java, C#, Python, JavaScript).
- Practical knowledge of:
  - Web, mobile, and API security
  - Authentication and authorization models (OAuth2, OIDC, JWT, SAML)
  - OWASP Top 10 and API Top 10
- Familiarity with cloud platforms (AWS, Azure, and/or OCI) and cloud-native services.
- Working knowledge of networking fundamentals, encryption, and secure communications.
- Excellent written and verbal communication skills, with the ability to translate security risk into business impact.
Preferred / Beneficial Qualifications
- Experience with application security tools such as SAST, DAST, IAST, SCA, secrets scanning, or IaC security platforms.
- Experience securing containers, Docker, and serverless workloads.
- Knowledge of Infrastructure as Code frameworks (e.g., Terraform, CloudFormation).
- Familiarity with threat modeling frameworks (e.g., STRIDE).
- Security or development certifications such as:
  - CSSLP, CISSP, GWAPT, GWEB, OSWE, or equivalent
  - Cloud security certifications (AWS, Azure, or GCP)
Behavioral & Professional Expectations
- Strong collaboration skills; ability to influence without authority.
- Comfortable balancing security risk with business and delivery priorities.
- Highly organized, detail-oriented, and self-directed.
- Customer-service mindset toward internal development teams.
- Ability to remain effective in fast-paced, evolving technical environments.
- Commitment to confidentiality, ethical conduct, and continuous improvement.
Additional Information
- Travel: 0-25% (as needed)
- Work hours may occasionally include non-standard hours to support critical releases or incidents.
- Job level and scope may be adjusted based on experience and qualifications.
Experience Level Adjustment
Should the selected candidate meet the qualifications of a more experienced level in the career path, the job level may be adjusted.
Benefits
Altec offers a competitive salary that rewards performance and dedication, along with a comprehensive benefits package that includes:
- Medical, Dental, Vision and Prescription Drug Program
- Retirement 401(k) Traditional or Roth Program Options with Company Match
- Vacation and Holidays
- Parental Leave
- Short Term and Long Term Disability Leave
- Flexible Spending Accounts
- Tuition Assistance Program
- Employee Assistance and Mental Health/Substance Abuse Program
- Life Insurance, Accidental Death and Dismemberment Insurance
- Supplemental Insurance including Hospital Indemnity, Critical Illness and Accident Insurance
- Additional Wellness Programs and Rewards Available