Who We Are Looking ForWe are looking for a Senior Application Security Architect. You will be responsible for designing, reviewing, and governing security architectures for enterprise applications, APIs, cloud-native platforms, and AI-enabled systems. You will partner with software engineering, data science, cloud engineering, cybersecurity, and business teams to ensure security is embedded throughout the software and AI development lifecycles.
What You Will Be Responsible ForAs a Senior Application Security Architect, you will:
- Design and review secure architectures for enterprise applications, APIs, cloud-native platforms, AI-enabled systems, and emerging technologies.
- Define and maintain application security and AI security standards, architecture patterns, and security requirements.
- Conduct security architecture reviews, threat modeling exercises, and design assessments for applications, APIs, and AI solutions.
- Partner with application development, cloud engineering, AI engineering, and cybersecurity teams to embed security controls throughout the software and AI development lifecycles.
- Provide subject matter expertise in secure coding, application security testing, API security, authentication, authorization, AI security, and data protection.
- Assess security risks associated with applications, AI models, training data, prompts, agents, integrations, and third-party AI services.
- Drive adoption of secure-by-design, Zero Trust, DevSecOps, and AI security best practices across the enterprise.
- Evaluate emerging application security and AI security threats, technologies, and industry standards.
What We ValueThese skills will help you succeed in this role:
- Deep expertise in application security, secure software development, and modern application architectures.
- Strong understanding of AI/ML security risks, Large Language Models (LLMs), agentic AI systems, prompt injection, model misuse, and AI supply chain security.
- Experience securing cloud-native applications, APIs, microservices, containers, Kubernetes, and AI-enabled platforms.
- Strong analytical, problem-solving, and risk assessment skills with the ability to evaluate both traditional and AI-specific security threats.
- Strong communication and stakeholder management skills with the ability to collaborate across architecture, engineering, cybersecurity, cloud, and data science teams.
Education & Preferred Qualifications- Degree in Computer Science, Cybersecurity, Information Technology, Engineering, Data Science, or a related discipline.
- 14 years or more of experience in application security, software engineering, security architecture, AI security, or related technology disciplines with at least 8 years of hands-on cybersecurity experience preferred.
- Demonstrated experience designing and securing enterprise-scale applications across cloud, SaaS, hybrid, and on-premises environments.
- Deep expertise in secure software development lifecycle (SSDLC), OWASP Top 10, API security, secure coding practices, and application security testing methodologies.
- Strong understanding of AI/ML architectures, LLMs, Retrieval-Augmented Generation (RAG), agentic systems, model security, prompt security, and responsible AI principles.
- Experience with cloud-native technologies, containers, Kubernetes, CI/CD pipelines, DevSecOps practices, and Infrastructure as Code (IaC).
- Experience conducting threat modeling, architecture reviews, penetration test remediation, and risk assessments for applications and AI-enabled solutions.
- Familiarity with SAST, DAST, IAST, software composition analysis (SCA), API security testing, model validation, and AI security assessment techniques.
- Professional certifications such as CISSP, CSSLP, CCSP, TOGAF, SABSA, AWS Security Specialty, Azure Security Engineer, AI Security, or equivalent certifications are highly desirable.
- Experience within financial services or other highly regulated industries is preferred.
Additional Requirements- Experience supporting enterprise application modernization, cloud transformation, DevSecOps, and AI adoption initiatives.
- Ability to work effectively with application development, AI engineering, cloud engineering, architecture, and cybersecurity teams in a global environment.
- Limited travel may be required based on business needs.
Work RequirementHybrid: Expected to work in accordance with State Street's hybrid work model.
Shift: Standard business hours with flexibility to support global stakeholders across multiple time zones.
Salary Range: $120,000 - $202,500 Annual
The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.
Employees are eligible to participate in State Street's comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.
For a full overview, visit https://hrportal.ehr.com/statestreet/Home.