SAVP, Cyber Application Security Architecture

The Sr. AVP - Cyber focused on Application Security Architect with software development, platform, cybersecurity, and cloud engineering teams to embed security throughout the modern software development lifecycle (SDLC). This role focuses on secure-by-design practices, DevSecOps strategy, roadmap and enablement, and risk-based vulnerability management across internally developed, third-party, SaaS, and cloud-native applications. The AppSec Architect serves as the strategic owner of the Application Security Roadmap, defines target-state AppSec maturity aligned to business growth, and prioritizes AppSec investments and tooling rationalization. The role serves as a trusted advisor to development teams and the key contributor to the organization's overall Secure Software Development Program. You will also perform Secure by Design reviews for new applications and material changes to existing applications to ensure solutions are secure, scalable, and compliant with company standards.

• 8+ years related IT experience; 5+ years'' experience in security application tools
• 6+ years'' experience in application security reviews of new architecture; 5 + years of experience with public and hybrid cloud (AWS, Azure and GCP) environments.
• Strong software development background with the ability to read, understand, and advise on production code and design decisions.
• Demonstrated expertise in threat modeling and secure architecture review for modern web and API-based applications.
• Expertise securing CI/CD and SDLC processes (pipeline security, secrets management, artifact integrity, build/release controls, and automation).
• Experience with application security tooling and processes, including managing findings and resolving false positives (SAST/SCA/DAST and related scanning in pipelines).
• Working knowledge of AI/ML security risks and mitigations for applications that use ML models or GenAI components.
• Strong collaborative and consulting skills ability to influence without authority, communicate clearly, and deliver pragmatic, developer-friendly recommendations.

Salary Range - $160,000.00 - $195,100.00

The posted range is the hiring range for this role - a subset of the broader range available to employees over time - and reflects base salary across our national hiring scale. Final offers are based on several factors, including the candidate''s skills and experience, internal pay equity, work location, market conditions for the role, and the specific scope and responsibilities of the position. The top of the range is reserved for candidates who notably exceed the requirements; the lower end applies to those with less experience or fewer preferred qualifications. For positions based in higher-cost zones (e.g., California, New York, New Jersey), actual compensation may exceed the posted range; your recruiter will share specifics during the process.

Principle Duties Developer enablement & secure coding support

• Serve as the security architecture authority within the architecture organization, partnering with product architects, principal engineers, cloud partners (AWS, Azure, GCP), and business leaders to embed secure-by-design principles into hardware appliances, multi-tenant SaaS platforms, and globally distributed cloud infrastructure.
• Coach and support developers in writing secure code, including secure patterns, common vulnerability classes, and secure use of frameworks and libraries.
• Provide timely consulting on "how to do it right" (architecture, implementation details, and operational considerations) and help teams choose secure-by-default approaches.
• Triage findings from SAST, SCA, DAST, container and IaC scanning; investigate, validate, and resolve false positives; and help teams prioritize true risk.
• Partner with teams to tune security tools, reduce noise, and improve signal quality (rules, suppressions, baselines, and exception processes) while maintaining strong security posture.
• Drive adoption of CNAPP, CWPP, WAF, service mesh security, API gateways, SIEM/SOAR, and cloud-native telemetry for protective monitoring, runtime defense, and incident-ready detection.

Secure by Design reviews

• Conduct Secure by Design reviews for new applications and material changes to existing applications, validating security requirements and design decisions early.
• Lead and facilitate threat modeling workshops; identify abuse cases, trust boundaries, and attack paths; and document mitigations and residual risk.
• Review authentication/authorization design, data flows, secrets handling, logging/monitoring, and resiliency controls to ensure secure architectures.
• Provide clear, actionable recommendations and track follow-through with engineering teams.
• Translate regulatory and compliance requirements (FedRAMP, SOC2, ISO 27001, NIST SP 800-53, CSA CCM, SOX) into actionable, measurable, and auditable security architecture control objectives-shifting from audit-driven to architecture-driven alignment.

CI/CD and SDLC security

• Advise on the security of CI/CD practices pipeline hardening, least privilege, artifact integrity, signing, provenance, and secure deployment patterns.
• Advise on secure use of third-party dependencies and supply chain controls, including SCA governance and patch/vulnerability management workflows.
• Collaborate with platform/tooling teams to integrate security controls into developer workflows with a focus on automation and self-service.

AI/ML security guidance

• Provide security architecture guidance for AI/ML and GenAI-enabled applications, including model/data risk, prompt/agent design considerations, and safe integration patterns.
• Help teams implement appropriate controls for data protection, access control, monitoring, and abuse prevention in AI/ML features.

Collaboration & communication

• Act as a trusted partner to product, engineering, and leadership-translating security requirements into developer-friendly guidance.
• Create and maintain secure coding guidance, reference architectures, and reusable patterns.
• Support incident learnings by contributing to root cause analysis and preventative design improvements.

Principle Duties Developer enablement & secure coding support

• Serve as the security architecture authority within the architecture organization, partnering with product architects, principal engineers, cloud partners (AWS, Azure, GCP), and business leaders to embed secure-by-design principles into hardware appliances, multi-tenant SaaS platforms, and globally distributed cloud infrastructure.
• Coach and support developers in writing secure code, including secure patterns, common vulnerability classes, and secure use of frameworks and libraries.
• Provide timely consulting on "how to do it right" (architecture, implementation details, and operational considerations) and help teams choose secure-by-default approaches.
• Triage findings from SAST, SCA, DAST, container and IaC scanning; investigate, validate, and resolve false positives; and help teams prioritize true risk.
• Partner with teams to tune security tools, reduce noise, and improve signal quality (rules, suppressions, baselines, and exception processes) while maintaining strong security posture.
• Drive adoption of CNAPP, CWPP, WAF, service mesh security, API gateways, SIEM/SOAR, and cloud-native telemetry for protective monitoring, runtime defense, and incident-ready detection.

Secure by Design reviews

• Conduct Secure by Design reviews for new applications and material changes to existing applications, validating security requirements and design decisions early.
• Lead and facilitate threat modeling workshops; identify abuse cases, trust boundaries, and attack paths; and document mitigations and residual risk.
• Review authentication/authorization design, data flows, secrets handling, logging/monitoring, and resiliency controls to ensure secure architectures.
• Provide clear, actionable recommendations and track follow-through with engineering teams.
• Translate regulatory and compliance requirements (FedRAMP, SOC2, ISO 27001, NIST SP 800-53, CSA CCM, SOX) into actionable, measurable, and auditable security architecture control objectives-shifting from audit-driven to architecture-driven alignment.

CI/CD and SDLC security

• Advise on the security of CI/CD practices pipeline hardening, least privilege, artifact integrity, signing, provenance, and secure deployment patterns.
• Advise on secure use of third-party dependencies and supply chain controls, including SCA governance and patch/vulnerability management workflows.
• Collaborate with platform/tooling teams to integrate security controls into developer workflows with a focus on automation and self-service.

AI/ML security guidance

• Provide security architecture guidance for AI/ML and GenAI-enabled applications, including model/data risk, prompt/agent design considerations, and safe integration patterns.
• Help teams implement appropriate controls for data protection, access control, monitoring, and abuse prevention in AI/ML features.

Collaboration & communication

• Act as a trusted partner to product, engineering, and leadership-translating security requirements into developer-friendly guidance.
• Create and maintain secure coding guidance, reference architectures, and reusable patterns.
• Support incident learnings by contributing to root cause analysis and preventative design improvements.