The Application Security Architect is responsible for a comprehensive review of the existing software application configuration (on-premise and cloud), influencing change in the controls standards, creation of easily consumed IT security standards, creation of application security patterns & diagrams, and ownership of the network security capability roadmap. This role is an essential ambassador for the shift in the technology culture to a Security-First culture.


  • Produce security architecture work as part of initiatives related to software application security
  • Create and drive the application security capability 3-year roadmap within Cybersecurity Services & respective IT partners
  • Create IT security standards easily consumed by IT partners
  • Partner with Application Development teams to improve the application security services as part of CI/CD pipeline
  • Build application security patterns and designs as part of initiatives to modernize the network security posture
  • Proactively identify application security gaps through discovery & partner with app dev teams for swift remediation
  • Innovate and think outside of the box to solve complex issues
  • Influence change of control policies with Technology Risk Management & build strong partnerships with IT Architecture & DevSecOps partners
  • Evaluate the existing application security controls, on-premise and cloud, identify improvements, and build plans into the application security capability roadmap for implementation

Required Qualifications

  • Minimum of 7 years of strong cybersecurity experience across network, application (web, API) & public/private cloud security architecture (web application firewalls, containers, etc.)
  • Experience in ethical hacking or vulnerability assessment on web apps, mobile, and thick-client (fuzzers, scanners, debuggers, decompilers)
  • Experience in performing code review of popular web application programming languages (Java, JavaScript, C++, Python, Perl, etc.)
  • Familiarity with common web stack technologies (HTTP, REST, etc.) and platforms (e.g. AngularJS, Tomcat, .NET, MS SQL, etc.)
  • Understanding of core cryptography concepts
  • Experience architecting automated data center processes, including provisioning, application and patch management, monitoring and alerting, capacity monitoring and planning, using execution and human approval workflow design and implementation.
  • Bachelor’s degree preferred or equivalent experience