
Senior Application Security Architect
Posted Jun 20

This is a fully remote position, open to applicants in the United States.
• Act as the security architecture expert within the architecture team, collaborating with product architects, principal engineers, cloud partners (AWS, Azure, GCP), and business leaders to integrate secure-by-design principles into hardware appliances, multi-tenant SaaS platforms, and globally distributed cloud infrastructure.
• Mentor and assist developers in crafting secure code, including secure patterns, common vulnerability types, and the safe use of frameworks and libraries.
• Offer timely consultations on “how to do it right” (architecture, implementation specifics, and operational aspects) and guide teams in selecting secure-by-default methodologies.
• Evaluate findings from SAST, SCA, DAST, container, and IaC scanning; investigate, validate, and rectify false positives; and aid teams in prioritizing genuine risks.
• Collaborate with teams to fine-tune security tools, minimize noise, and enhance signal quality (rules, suppressions, baselines, and exception processes) while upholding a robust security posture.
• Promote the adoption of CNAPP, CWPP, WAF, service mesh security, API gateways, SIEM/SOAR, and cloud-native telemetry for protective monitoring, runtime defense, and incident-ready detection.
• Perform Secure by Design reviews for new applications and significant changes to existing applications, ensuring early validation of security requirements and design choices.
• Lead and facilitate threat modeling workshops; identify abuse cases, trust boundaries, and attack vectors; and document mitigations and residual risks.
• Assess authentication/authorization design, data flows, secrets management, logging/monitoring, and resiliency controls to ensure secure architectures.
• Provide clear, actionable recommendations and monitor follow-through with engineering teams.
• Convert regulatory and compliance requirements (FedRAMP, SOC2, ISO 27001, NIST SP 800-53, CSA CCM, SOX) into actionable, measurable, and auditable security architecture control objectives—transitioning from audit-driven to architecture-driven alignment.
• 8+ years of relevant IT experience; 5+ years of experience with security application tools.
• 6+ years of experience in application security evaluations of new architecture; 5+ years of experience with public and hybrid cloud (AWS, Azure, and GCP) environments.
• Strong software development background with the capability to read, comprehend, and advise on production code and design decisions.
• Proven expertise in threat modeling and secure architecture reviews for contemporary web and API-based applications.
• Proficiency in securing CI/CD and SDLC processes (pipeline security, secrets management, artifact integrity, build/release controls, and automation).
• Experience with application security tools and processes, including managing findings and resolving false positives (SAST/SCA/DAST and related scanning in pipelines).
• Familiarity with AI/ML security risks and mitigations for applications utilizing ML models or GenAI components.
• Strong collaborative and consulting abilities, with the capacity to influence without authority, communicate effectively, and provide pragmatic, developer-friendly recommendations.
• Comprehensive health and wellness benefits.
• Opportunities for professional development and growth.
• Flexible work arrangements to support work-life balance.
• Access to cutting-edge tools and technologies.