Application Security Architect

We are looking for a Security Architect (Application Security) to join our team and lead the design and implementation of secure solutions for our cloud-based enterprise applications. You will be a hands-on, technical leader with a passion for security and a deep understanding of complex, multi-tenant systems. You will provide architectural guidance and mentorship to the teams responsible for platform and application development, ensuring that security is built-in from the start and throughout the software development lifecycle. You will also define the product security roadmap, translate business and technical requirements into robust security software solutions, and communicate with senior management and stakeholders on the status and feedback of the security projects. As a Security Architect (Application Security), you will be a key contributor to the overall security posture of our organization and a trusted partner for our customers.

Responsibilities

Provide architectural leadership and direction to the teams responsible for platform and application development, with a focus on system wide security, data, operational efficiency, serviceability, and supervision of the secure SDLC.
Develop, implement, and maintain application security standards, policies, procedures, and best practices that align with risk and control processes
Define the product security roadmap and lead the process of translating business and technical requirements into robust application/product security solutions that ensure customer information assets are adequately protected with acceptable levels of control.
Review and approve the architecture and design for various application development project projects, and ensure commitments from partners and stakeholders.
Collaborate with various stakeholders, such as developers, architects, project managers, and business leaders, to ensure the security of applications and systems throughout their lifecycle.
Provide senior management-level summary status and feedback to business stakeholders and product management on the security projects.
Conduct research and development on security innovations, tools, and methodologies in information technology services and help define and document internal, technical, and service processes and procedures. Work on proof-of-concepts and projects to improve the application security tool stack.
Establish an enterprise security stance through definition of policy, architecture, development, training and awareness, aligning business needs with technology and doing so in a manner which ensures that security is built in.
Provide thought leadership and a clear, consistent architectural vision across the platform, distributed services, and operations.
Stay up to date with the latest trends and developments in information and cyber security, and pursue relevant certifications and memberships in information security communities.
Mentor and coach the developers on security best practices, tools, and techniques. Experience in building and leading a volunteer-based application security champions program from grassroots, and scaling it to multiple product teams is desirable.
Demonstrate excellent communication, collaboration, and leadership skills, and the ability to influence and educate others on application security best practices and standards.

Qualifications

Bachelors degree in computer science, Engineering, or related field, or equivalent work experience.
Minimum 10 years of software development experience with at least 5 years in security architecture, design, development, assessment, testing, and review across multiple domains and platforms.
Expertise in architecting and reviewing security solutions for complex applications running in a cloud, multi-tenant environment.
Experience in cloud platforms such as Google Cloud, AWS or Azure and how to leverage their security features and services.
Experience in designing and developing large scale On-prem and SaaS applications using various programming languages APIs and frameworks.
Secure development methodologies such as threat modeling, static source code reviews, dynamic application security assessments, penetration testing, and security best practices.
Experience in implementation of latest standards and technologies in authentication, authorization, auditing, cryptography, PKI, federation, OAuth, MFA, OIDC, and data security at rest, in transit and in use.
Strong knowledge of security principles, standards, and best practices, such as OWASP, NIST, ISO, etc.
Experience with security tools and technologies, such as encryption, authentication, authorization, firewalls, web application firewalls, intrusion detection/prevention systems, vulnerability scanning, penetration testing, etc.
Experience with secure coding practices, such as threat modeling, code review, static and dynamic analysis, etc.
Experience with agile development methodologies and DevSecOps practices.
Excellent communication, collaboration, and leadership skills.
Desirable certifications such as CISSP, CSSLP, CEH, or similar are preferred.
Experience in vulnerability management tools and programs is desirable.