Application Security Architect

1. Position Title: Application Security Architect
2. Number of Positions Needed: 1
3. Length of Contract: 1 year
4. Remote, 100%

Top 3-5 skills

• Experience: 8+ years of experience in software engineering, cybersecurity, or DevOps, with at least 4+ years dedicated explicitly to Application Security Architecture.
• Secure Engineering: Deep understanding of modern application architectures (Microservices, Cloud-Native, Serverless, API-first design) and modern development frameworks including Subject-Matter Expertise in Threat Modeling.
• Cloud Security: Proven experience securing applications hosted in major cloud environments (AWS, Azure, or GCP), including container security (Kubernetes) and Infrastructure as Code (IaC) scanning.
• Tooling Expertise: Hands-on experience scaling and tuning DevSecOps tooling (e.g., Github Advanced Security, Snyk, SonarQube, Checkov, Veracode).
• Cryptography & Protocols: Strong grasp of encryption standards, TLS, OAuth 2.0, OIDC, SAML, and secure key management.
• Education/Certifications: Bachelor s degree in Computer Science, Cybersecurity, or equivalent practical experience. Relevant certifications (e.g., CSSLP, CISSP, AWS Certified Security, CASE) are highly preferred

• Role Overview
  The Application Security Architect is responsible for assessing and securing the organization's
  software development lifecycle (SDLC). This role bridges the gap between enterprise security
  policy and engineering execution, ensuring that applications are secure by design, resilient to
  threats, and compliant with regulatory standards.
  As an AppSec Architect, you will design secure architecture patterns, establish threat modeling
  frameworks, implement automated security guardrails within CI/CD pipelines, and serve as a
  trusted advisor to engineering teams.
  
  Key Responsibilities
  " Security Architecture & Design: Define AA Tech secure coding standards,
  architectural blueprints, and security patterns (e.g., identity/auth, cryptography, data
  protection).
  " Threat Modeling: Lead and scale product platform-level threat modeling practices
  across product engineering teams during the early design phases to identify and
  mitigate architectural flaws.
  " DevSecOps Integration: Architect, deploy, and optimize automated security testing
  tools (SAST, DAST, SCA, IAST) directly into code repositories and CI/CD pipelines,
  ensuring low friction and high fidelity for developer workflows.
  " Vulnerability Management: Establish governance for triage, prioritization, and
  remediation of software vulnerabilities, providing engineering teams with clear,
  actionable mitigation guidance.
  " Developer Enablement & Training: Cultivate a security-first culture by leading
  developer-centric training programs, driving a "Security Champions" network, and
  creating self-service security components.
  " Compliance & Risk Management: Ensure applications comply with relevant industry
  frameworks and legal requirements (e.g., OWASP Top 10, ASVS, NIST, ISO 27001,
  SOC 2, HIPAA).
  " Incident Response Support: Provide deep technical expertise during application-layer
  security incidents.
  
  Required Technical Skills & Qualifications
  " Experience: 8+ years of experience in software engineering, cybersecurity, or
  DevOps, with at least 4+ years dedicated explicitly to Application Security
  Architecture.
  " Secure Engineering: Deep understanding of modern application architectures
  (Microservices, Cloud-Native, Serverless, API-first design) and modern development
  frameworks.
  " Cloud Security: Proven experience securing applications hosted in major cloud
  environments (AWS, Azure, or GCP), including container security (Kubernetes) and
  Infrastructure as Code (IaC) scanning.
  " Tooling Expertise: Hands-on experience scaling and tuning DevSecOps tooling (e.g.,
  Github Advanced Security, Snyk, SonarQube, Checkov, Veracode).
  " Cryptography & Protocols: Strong grasp of encryption standards, TLS, OAuth 2.0,
  OIDC, SAML, and secure key management.
  Education/Certifications: Bachelor s degree in Computer Science, Cybersecurity, or
  equivalent practical experience. Relevant certifications (e.g., CSSLP, CISSP, AWS
  Certified Security, CASE) are highly preferred.
  
  Core Competencies & Soft Skills
  " Pragmatic Collaboration: Ability to balance rigorous security requirements with
  business velocity, viewing engineering teams as customers rather than blockers.
  " Influential Leadership: Strong communication skills with the ability to articulate
  complex security risks to non-technical business stakeholders, executives, and
  developers alike.
  " Analytical Problem Solving: Exceptional capability to dissect complex software
  ecosystems, anticipate emerging threat vectors, and design elegant, scalable defenses.
  What Success Looks Like in This Role
  " Shift Left: Security is seamlessly baked into the design phase, drastically reducing the
  discovery of critical vulnerabilities in production.
  " Developer Autonomy: Engineers have clear, self-service security patterns and
  automated feedback loops, minimizing friction and security debt.
  " Application Security Governance: Validating and verifying security implementation
  across the product.
  " Measurable Risk Reduction: Transparent metrics (e.g., MTTR for critical flaws,
  reduction in repetitive vulnerability types) demonstrate a steadily shrinking
  application attack surface.