Application & Platform Security Architect

This is a fully remote position, open to applicants in United States.

📋 Description

• Establish reusable security architecture patterns and guidelines to facilitate consistent and secure implementation across high-risk business applications.

• Champion secure-by-design initiatives by incorporating security considerations early in the software architecture lifecycle and guiding enterprise architecture direction.

• Represent security architecture in design authority boards and technical review councils, promoting risk-based security controls.

• Collaborate with in-business IT customers, including application architects and engineers, to assess application software and infrastructure designs, aiming to define and design application controls in line with enterprise standards.

• Create application-specific security control architectures and produce design artifacts that aid in the secure implementation of business-critical systems.

• Develop reusable implementation guidance and design patterns based on prior engagements to enhance service scalability.

• Partner with information security leadership to formulate strategies and plans for enforcing security requirements and addressing identified risks within the infrastructure and applications.

• Serve as a security architecture liaison to IT delivery and engineering teams, integrating security principles into technical delivery and architecture review forums.

• Assist in the security aspects of business & IT initiatives by supporting architecture, design, implementation, deployment, and operational transition of innovative and secure technology solutions.

⛳️ Requirements

• Bachelor’s degree with 9 years of experience OR Master’s degree with 8 years of experience OR PhD with 4 years of experience in information security and/or related fields (IT Audit, Risk Management, or Security Architecture).

• Must demonstrate an exceptional ability to assess and communicate information security concepts and practices to both business and IT stakeholders.

• Requires comprehensive knowledge of the systems development life cycle, client area functions and systems, and technological alternatives for systems applications program development.

• Proven track record of implementing innovative technology solutions that propel the business forward.

• Strong grasp of application security principles, including OWASP Top 10, SANS/CWE Top 25, and secure coding practices.

• Expertise in secure session management, token handling, and authentication mechanisms (OAuth, SAML, OpenID Connect).

• Familiarity with cryptographic practices, encryption protocols, and PKI management.

• Experience with containerization technologies (Docker, Kubernetes) and cloud platforms (AWS, Azure, GCP).

• Knowledge of code analysis tools (e.g., SonarQube, Veracode) and vulnerability scanning tools (e.g., Burp Suite, Nessus).

• Understanding of DevSecOps methodologies, including securing CI/CD pipelines.

🏝️ Benefits

• Paid time off (vacation, holidays, sick leave)

• Medical, dental, and vision insurance

• 401(k) plan for eligible employees

• Long-term incentive programs