we are looking for an experienced Application Security Architect to join our Cybersecurity team. In this role, you will be instrumental in building and advancing our companys application security programs. Working closely with talented engineers, product managers, and platform teams, youll play a key role in ensuring the security of our software development lifecycle (SDLC).
Youll provide security services including secure coding practices, architecture reviews, awareness and training initiatives, and tool implementation. From threat modeling to secure development education, your contributions will directly impact the safety and resilience of our companys products.
What am I going to do?
Lead Secure SDLC Initiatives: Drive security throughout the software development lifecycle (S-SDLC), including threat modeling, risk assessments, and mitigation planning for new and existing applications.
Embed Secure Design Practices: Guide development teams on implementing secure architectural patterns, design principles, and coding standards, with emphasis on OWASP and industry best practices.
Security Tooling Strategy: Define and manage the integration of Static (SAST), Dynamic (DAST), and Software Composition Analysis (SCA) tools into our companys CI/CD pipelines, ensuring scalable, platform-agnostic coverage and effective vulnerability management.
Security Testing & Remediation: Perform and oversee application security testing, ensuring timely remediation of identified vulnerabilities.
Develop Security Standards: Create and maintain secure coding standards, best practices, and development guidance tailored to our companys tech stacks.
Code Reviews: Conduct in-depth manual and automated security code reviews for critical components, offering practical and constructive feedback to engineering teams.
API & Mobile App Security: Design and assess security for APIs and mobile applications, ensuring robust authentication, authorization, and data protection in line with industry standards.
Third-Party Risk Management: Evaluate the security posture of third-party libraries, components, and services integrated into our company's applications.
Cloud Security Collaboration: Partner with Cloud Security Architects to ensure secure application deployment in cloud environments (e.g., AWS, GCP), offering expert advice on cloud-native security practices.
Team Enablement & Education: Mentor development teams on emerging threats, secure coding techniques, and security-first development approaches.
Bug Bounty Program Leadership: Manage and evolve our companys bug bounty program, working with researchers and internal teams to resolve findings efficiently.
Youll provide security services including secure coding practices, architecture reviews, awareness and training initiatives, and tool implementation. From threat modeling to secure development education, your contributions will directly impact the safety and resilience of our companys products.
What am I going to do?
Lead Secure SDLC Initiatives: Drive security throughout the software development lifecycle (S-SDLC), including threat modeling, risk assessments, and mitigation planning for new and existing applications.
Embed Secure Design Practices: Guide development teams on implementing secure architectural patterns, design principles, and coding standards, with emphasis on OWASP and industry best practices.
Security Tooling Strategy: Define and manage the integration of Static (SAST), Dynamic (DAST), and Software Composition Analysis (SCA) tools into our companys CI/CD pipelines, ensuring scalable, platform-agnostic coverage and effective vulnerability management.
Security Testing & Remediation: Perform and oversee application security testing, ensuring timely remediation of identified vulnerabilities.
Develop Security Standards: Create and maintain secure coding standards, best practices, and development guidance tailored to our companys tech stacks.
Code Reviews: Conduct in-depth manual and automated security code reviews for critical components, offering practical and constructive feedback to engineering teams.
API & Mobile App Security: Design and assess security for APIs and mobile applications, ensuring robust authentication, authorization, and data protection in line with industry standards.
Third-Party Risk Management: Evaluate the security posture of third-party libraries, components, and services integrated into our company's applications.
Cloud Security Collaboration: Partner with Cloud Security Architects to ensure secure application deployment in cloud environments (e.g., AWS, GCP), offering expert advice on cloud-native security practices.
Team Enablement & Education: Mentor development teams on emerging threats, secure coding techniques, and security-first development approaches.
Bug Bounty Program Leadership: Manage and evolve our companys bug bounty program, working with researchers and internal teams to resolve findings efficiently.
Requirements:
Passion for application security and a commitment to building secure products.
Minimum 2+ years of hands-on experience in application security roles.
At least 3 years of experience in software development.
Strong understanding of common application vulnerabilities and mitigation strategies (e.g., OWASP Top 10).
Solid grasp of cryptography fundamentals, including encryption methods, authentication and authorization protocols, session management, and key management.
Experience with security testing tools such as SAST, DAST, SCA, and penetration testing utilities.
Solid foundation in application network security concepts: TLS, SSH, DNS, WAF, etc.
Deep understanding of secure web application design and development methodologies.
Effective communication and presentation skills, with the ability to explain complex technical issues to both technical and non-technical audiences.
Proven ability to mentor and train teams in secure development principles.
Self-motivated, detail-oriented, and capable of managing multiple priorities.
Fluent in English, both written and verbal.
Passion for application security and a commitment to building secure products.
Minimum 2+ years of hands-on experience in application security roles.
At least 3 years of experience in software development.
Strong understanding of common application vulnerabilities and mitigation strategies (e.g., OWASP Top 10).
Solid grasp of cryptography fundamentals, including encryption methods, authentication and authorization protocols, session management, and key management.
Experience with security testing tools such as SAST, DAST, SCA, and penetration testing utilities.
Solid foundation in application network security concepts: TLS, SSH, DNS, WAF, etc.
Deep understanding of secure web application design and development methodologies.
Effective communication and presentation skills, with the ability to explain complex technical issues to both technical and non-technical audiences.
Proven ability to mentor and train teams in secure development principles.
Self-motivated, detail-oriented, and capable of managing multiple priorities.
Fluent in English, both written and verbal.
This position is open to all candidates.
