As the Senior Application Security Architect, you work strategically with engineering and product teams to enable the delivery of secure application patterns and software solutions. You design standard security requirements for how applications should be built, deployed, and maintained, ensuring security is baked into the software development lifecycle from the start. You also build and mature team processes that empower development teams to own their software's security posture while mentoring internal security team members.
About the role- Perform Security Reviews of applications throughout the SDLC including at the design and implementation phases through formal threat modeling and source code reviews, focusing on designing secure applications from the start and ensuring secure design principles are correctly implemented.
- Help to set strategic direction for application security initiatives, shift-left processes, and secure coding standards across the enterprise with a focus on treating security as quality.
- Build relationships and collaborate with software engineering, product, and architecture teams to ensure alignment of company vision and secure coding goals.
- Continually identify opportunities for improvement within software delivery pipelines and work with engineering leadership to implement automated security guardrails and remediations.
- Collaborate with business, product owners, architecture, and information security teams to enable the delivery of secure software patterns that support business velocity
- Coordinate and drive initiatives for AppSec engineers to build, execute, and scale application security strategies.
- Help to build processes that test the compliance and effectiveness of software security requirements through automated guardrails and continuous security testing.
- Influence decision-makers in the areas of secure application architecture, API design, authentication/authorization controls, and modern cloud deployment.
- Create and evangelize application security policy sets and secure design patterns to be used throughout the company that balance velocity and external compliance requirements.
- Work directly with development and audit teams to help align security architectures against upcoming compliance, regulatory (e.g., SSDF, Executive Orders on Cybersecurity), and contractual landscapes.
- Mentor software engineers and information security team members on threat modeling, secure code design, and modern vulnerability remediation techniques.
About you Minimum Qualifications
- 10 years of experience in an information security, application development with a secure coding background or software engineering role with a focus on secure code & design principles, OR bachelor's degree in computer science, information security, or a related field and 5 years of experience.
- Proven experience performing architectural threat modeling on complex systems and applications using formal frameworks (e.g., STRIDE, DREAD, PASTA)
- Strong ability to read, write, and audit code for security vulnerabilities, with the ability to provide engineering teams with precise, actionable remediation guidance
- Deep technical familiarity with Java ecosystem (strongly preferred), as well as .NET and/or Python
- Proficiency in at least one scripting language (e.g., PowerShell, Bash, Python) for automation and custom tooling
- Demonstrated aptitude for leveraging AI-assisted engineering tools to drive operational efficiency, balanced with the critical thinking required to identify, validate, and correct AI inaccuracies or hallucinations
- Practical experience or working knowledge of the following:
- Secure SDLC frameworks
- DevSecOps pipeline integration (CI/CD)
- SAST /DAST/SCA/Secret Scanning tooling
- Identity and access management (OAuth 2.0, OIDC, SAML)
- Container security (Docker, Kubernetes)
- OWASP Top 10 / ASVS mappings
- Familiarity with the MITRE ATT&CK Framework
- Strong knowledge of fundamental InfoSec concepts, such as least privilege, zero trust architectures, secure input validation, layered security, secure defaults, etc.
- Deep understanding of modern enterprise security risks such as software supply chain Security, securing & hardening development environments, and identifying and mitigating risk at scale.
Preferred Qualifications
- Master's degree in computer science, information security, or a related field
- Advanced expertise in architectural threat modeling and building automated threat modeling capabilities into developer workflows
- OSCP, OSWE, GWAPT, CISSP, CCSP, or other relevant security certifications
- Hands-on experience scaling AppSec programs across large engineering organizations, including, integrating secure solutions across an organization's SDLC, and/or experience administering a developer security champion program
- Strong technical experience with Java
What you'll get Our team members fuel our strategy, innovation and growth, so we ensure the health and well-being of not just you, but your family, too! We go above and beyond to give you the support you need on an individual level and offer all sorts of ways to help you live your best life. We are proud to offer eligible team members perks and health benefits that will help you have peace of mind. Simply put: We've got your back. Check out our full list of Benefits and Perks.
On-Call Expectations This role may include participation in an on-call rotation to support production systems and ensure service reliability. On-call responsibilities may include coverage during nights and weekends. If applicable, frequency and scheduling will be determined by team needs and communicated accordingly.
This job description is an outline of the primary responsibilities of this position and may be modified at the discretion of the company at any time. The compensation information below is provided in compliance with all applicable job posting disclosure requirements. The compensation for this position is $149,000.00$318,000.00. The position may also be eligible for an annual bonus, incentives, and other employment-related benefits including, but not limited to, medical, dental, and vision benefits, 401K retirement plan, and paid-time off. More information regarding these benefits and others can be found here. The information regarding compensation and other benefits included in this paragraph is the company's current, good faith estimate at the time of posting. [Compensation and benefits are subject to modification from time to time as the Company, in its sole and exclusive discretion, deems appropriate.] The Company may determine during its future reviews of the proposed compensation and benefits provided for this position, that the compensation and benefits for such position should be reduced. In no event will the Company reduce the compensation for the position to a level below the applicable jurisdictional minimum wage rate for the position.