Title: Senior Application Security Architect
Location : McLean, VA
Target Start Date : ASAP
Type: contract
Pay Rate: DOE
Senior Application Security Architect
The Senior Application Security Architect is responsible for designing, implementing, and governing enterprise-wide application security architecture and standards. This role establishes security frameworks, conducts architecture and design reviews, and leads strategic security initiatives that embed security across the software development lifecycle. The position requires strong technical depth, architectural thinking, and leadership, along with the ability to manage multiple priorities and collaborate effectively across teams.
Responsibilities
Design and establish enterprise application security architecture frameworks, reference models, and standards aligned with business objectives and risk tolerance
Lead application and system architecture reviews to identify security gaps and recommend appropriate controls
Develop and maintain security baselines, standards, and reusable patterns for web, mobile, API, microservices, and cloud-native applications
Create and evolve threat modeling practices and facilitate threat modeling sessions with development teams
Define secure coding standards and security requirements based on application type, data classification, and risk profile
Architect security solutions for authentication, authorization, encryption, and secure communications
Establish security guardrails for cloud-native, serverless, containerized, and infrastructure-as-code environments
Design and implement API security strategies, including identity flows, gateways, and rate limiting
Integrate security architecture principles into CI/CD pipelines to support DevSecOps initiatives
Evaluate, select, and recommend application security tools and technologies
Develop security architecture roadmaps and guide implementation of enterprise security capabilities
Partner with development and platform teams to design secure solutions that balance security and business needs
Lead cross-functional security initiatives with enterprise-wide impact
Leverage GenAI technologies to enhance security architecture reviews and automate security analysis
Maintain documentation of security architecture decisions, patterns, and reference implementations
Develop and deliver security architecture training and guidance for developers and architects
Stay current with emerging security threats, technologies, and architectural best practices
Perform security design reviews for new applications and major system changes
Architect secure data handling practices, including encryption at rest and in transit
Qualifications
Bachelor's degree in Computer Science, Information Security, or a related technical field
5+ years of experience in application security, including at least 2 years in a security architecture role
Deep knowledge of secure design principles, threat modeling methodologies, and security architecture patterns
Experience designing security controls for cloud environments such as AWS, Azure, or GCP
Proficiency evaluating and implementing application security tools, including SAST, DAST, IAST, and SCA
Hands-on experience with security testing and proxy tools
Strong understanding of secure software development practices and DevSecOps implementation
In-depth knowledge of OWASP Top 10, CWE/SANS, and related security standards
Experience with authentication and identity technologies including MFA, SSO, OAuth 2.0, SAML, and OIDC
Experience designing and securing APIs and microservices architectures
Knowledge of regulatory requirements and their impact on application architecture
Proficiency in one or more programming languages, preferably Java, Python, or JavaScript
Experience performing secure code reviews and identifying common vulnerability patterns
Understanding of cryptographic protocols and secure implementation practices
Experience supporting modern application architectures such as SPAs, serverless, and container-based systems
Strong communication skills with the ability to explain complex security concepts to technical and non-technical audiences
Experience leading cross-functional initiatives and influencing stakeholders
Relevant certifications such as CSSLP, CISSP, or cloud security certifications are highly desirable
This role is ideal for a strategic security leader who can balance security requirements with business objectives while driving a more mature and resilient application security ecosystem.
Welcome to ConsultNet, a premier national provider of technology talent and solutions. Our expertise spans across project services, contract-to-hire, direct search, and managed services onshore, nearshore, and hybrid.
For over 25 years, we have connected thousands of consultants with meaningful roles through a personal, communication-driven approach, partnering with a diverse client base to build high-performing teams and create lasting impact.
Our comprehensive service offerings cover a wide range of technology and engineering positions across key markets nationwide. Learn more at www.consultnet.com .
We champion equality and inclusivity, proudly supporting an Equal Opportunity Employer policy. We welcome applicants regardless of Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other status protected by law.