
Application & Platform Security Architect
Posted 23 hours ago

This is a fully remote position, open to applicants in Texas.
• Establish reusable security architecture patterns and guardrails to facilitate a consistent and secure application across high-risk business platforms.
• Promote secure-by-design initiatives by incorporating security considerations early in the software architecture lifecycle and guiding enterprise architecture strategy.
• Represent security architecture in design authority boards and technical review councils, advocating for risk-based security measures.
• Collaborate with in-business IT customers, including application architects and engineers, to assess application software and infrastructure designs, aiming to define and design application controls in accordance with enterprise standards.
• Create application-specific security control architectures and generate design artifacts to direct secure implementation of critical business systems.
• Develop reusable implementation guidance and design patterns based on past engagements to enhance scalability of the service.
• Partner with information security leadership to devise strategies and plans that enforce security requirements and mitigate identified risks within the infrastructure and applications.
• Act as a liaison for security architecture to IT delivery and engineering teams, integrating security principles into technical delivery and architectural review forums.
• Assist with the security aspects of business and IT initiatives by supporting architecture, design, implementation, deployment, and operational transition of innovative and secure technology solutions.
• Research, evaluate, design, test, recommend, and plan the implementation of new or updated information security technologies.
• Build collaborative working relationships with IT functions to ensure that solutions align with security architecture and business strategy.
• Serve in an advisory capacity for application development or acquisition projects to evaluate security requirements and controls, ensuring planned security measures are implemented.
• Complete remediation tasks and initiate actions to ensure that compliance and security deficiencies are effectively addressed.
• Investigate and evaluate new information security threats, recommending appropriate remedial actions.
• Cultivate an information security culture through education, skill development, and the application of effective information security processes and practices.
• Bachelor’s degree with 9 years of experience OR Master’s degree with 8 years OR PhD with 4 years of experience in information security and/or related fields (IT Audit, Risk Management, or Security Architecture).
• Proven ability to assess and convey information security concepts and practices effectively to both business and IT stakeholders.
• In-depth understanding of the systems development life cycle, client area functions and systems, and the technological alternatives for systems applications programs development.
• Demonstrated success in implementing innovative technology solutions that enhance business operations.
• Strong knowledge of application security principles, including OWASP Top 10, SANS/CWE Top 25, and secure coding practices.
• Expertise in secure session management, token handling, and authentication methods (OAuth, SAML, OpenID Connect).
• Familiarity with cryptographic practices, encryption protocols, and PKI management.
• Experience with containerization technologies (Docker, Kubernetes) and cloud platforms (AWS, Azure, GCP).
• Knowledge of tools for code analysis (e.g., SonarQube, Veracode) and vulnerability scanning (e.g., Burp Suite, Nessus).
• Understanding of DevSecOps methodologies, including securing CI/CD pipelines.
• Self-motivated with the ability to independently manage multiple projects concurrently.
• Strong analytical and problem-solving skills capable of identifying security threats and proposing effective remedies.
• Ability to collaborate effectively in cross-functional teams and influence technical groups towards secure implementation.
• Knowledge of cloud computing principles, including virtualization, containerization, microservices, and serverless computing.
• Advanced understanding of Identity Security concepts, including least-privilege, separation of duties, and Zero Trust design principles.
• Paid time off (vacation, holidays, sick)
• Medical/dental/vision insurance
• 401(k) for eligible employees
• Long-term incentive programs