Application Security Architect

Irvine, CA, US • Posted 8 hours ago • Updated 8 hours ago
Full Time
No Travel Required
On-site
$120,000 - $140,000/yr
Fitment


Job Details

Skills

  • Amazon EC2
  • Access Control
  • Security Architecture

Summary

Application Security Architect
 
Must Have Technical/Functional Skills
• Hands-on AWS application security architecture across EC2, EKS/ECS, VPC, IAM, KMS, Secrets Manager, WAF/Shield, GuardDuty, Inspector, CloudTrail, Config, Security Hub.
• Threat modeling expertise (e.g., STRIDE), data-flow decomposition, and abuse-case identification for web, API, ESB, and data migration paths.
• Secure SDLC enablement: integrating SAST/DAST, SCA, container image scanning, IaC scanning (e.g., Terraform/CloudFormation), and secret scanning in CI/CD. 
• Strong command of OWASP Top 10, ASVS, dependency risk management, and secure coding standards for Java and .NET services and APIs. 
• Container and serverless security: EKS/ECS hardening (IRSA, network policies, admission controls), ECR scanning, Lambda least privilege, and event security. 
• Identity & access design: IAM roles, SCPs, org guardrails, role segmentation (RBAC/ABAC), federation (SAML/OIDC), and JIT access patterns. 
• Database security: Oracle 19c/Exadata encryption (TDE), DB network encryption, key management, privileged access controls, and SQL audit strategies. 
• TIBCO ESB security: mTLS, TLS 1.2+, credential/secret handling, payload validation, and API & integration governance. 
• OS hardening knowledge for Windows Server 2016/2019/2022/2025 and RHEL 7/8/9 (CIS benchmarks, patching, endpoint controls). 
• Clear communicator and coach for dev/DevOps/SRE teams; adept at risk articulation, trade-off decisions, and executive-level reporting.
 
Roles & Responsibilities
• Lead the security architecture for the data center exit, defining secure landing zone patterns, reference architectures, and migration guardrails. 
• Perform threat models (STRIDE) for target architectures: web/API tiers, TIBCO integrations, data pipelines, and database migration flows to Exadata on AWS. 
• Embed security controls into SDLC: codify policies for SAST/DAST/SCA, container/IaC scanning, and enforce break-glass/approval workflows in CI/CD.
• Design identity and access patterns: least-privilege IAM roles, fine-grained segmentation, secrets rotation, and cross-account access governance.
• Define network security: VPC design, segmentation, Security Groups/NACLs, PrivateLink, TGW, WAF/Shield policies, and egress controls for EC2/EKS. 
• Establish data protection: KMS/HSM key hierarchies, envelope encryption, TDE for Oracle, tokenization/masking where needed, and secure backups/replication. 
• Drive cloud security monitoring & IR: CloudTrail/Config/GuardDuty/Security Hub alerting, log centralization (e.g., CloudWatch→SIEM), and playbooks/runbooks. 
• Conduct risk assessments and design reviews, align to OWASP Top 10, NIST/ISO control families, and document residual risks & compensating controls. 
• Partner with DB, app, and integration teams to secure migration tooling (e.g., replication, cutover paths), validate rollback, and perform pre-go-live pen tests.
• Coach engineers via secure patterns (sample code/policies/Helm/Kyverno/Gatekeeper), lead readiness reviews, and track remediation to closure. 
Cloud Experience Needed 
• Proven on-prem → AWS migration experience for large application portfolios, including EC2-hosted Java/.NET and Oracle 19c → Exadata on AWS transitions.
• Demonstrated design/implementation of AWS Landing Zone/Organizations, SCP guardrails, account baselining, and multi-account segmentation strategies.
• Practical use of AWS security services: IAM, KMS, Secrets Manager, Certificate Manager, WAF/Shield, GuardDuty, Inspector, Security Hub, Macie, CloudTrail, Config. 
• Container security on EKS/ECS: IRSA, Pod Security Standards, network policies, admission controls (OPA/Gatekeeper/Kyverno), and ECR scanning. 
• CI/CD security automation: integrating SAST/DAST/SCA, IaC scanners (Terraform/CFN), container scanning, and policy-as-code into pipelines.
• Network architecture on AWS: VPCs, subnets, route tables, NAT/IGW, PrivateLink, Transit Gateway, inter-VPC segmentation, and zero-trust patterns.
• Database migration security: encryption in transit/at rest, key rotation, privileged access, audit logging, and secure replication/cutover strategies. 
• TIBCO ESB in cloud: TLS/mTLS, credential vaulting, secure connector patterns, API governance, and monitoring/observability for integrations. 
• Experience hardening Windows Server (2016–2025) and RHEL (7–9) images (CIS), patch baselines, EDR/antimalware, and golden AMI pipelines. 
• Evidence of governance at scale: compliance mapping (OWASP Top 10, NIST/ISO), risk registers, executive reporting, and continuous control monitoring. 
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 91097129
  • Position Id: 8924471
  • Posted 8 hours ago

Company Info

About Stanley David and Associates

We strive to add value and work as a true partner with our clients.

Stanley David And Associates is a recruitment specialist in the area of IT and Engineering and we stay firmly in our area of expertise, doing what we love.

We know the players and the companies and invest a lot of time getting to know candidates and clients in equal measure. This ensures a swift, cost-effective and perfect placement whether it's permanent or interim.

In addition, we have a reputation for having the best understanding of the market landscape and for sourcing great candidates.

-We have a Global Footprint with offices in 3 countries USA, UK and India.

-SDNA Global has built up an incredible reputation within IT strategic hiring.

-We work with Tier 1 and Tier 2 IT Outsourcing companies for Leadership hiring needs in UK, Europe, USA and Indian geos.

-Each SDNA member has over 5 years of experience in Talent Acquisition

-We have successfully closed roles in countries UK, USA, Germany, Sweden, Dubai, France, Netherlands, Switzerland, Austria, Hungary, Spain, Italy, Norway, Denmark, Nigeria and South Africa

-Telecom, Media and Hi-tech

-Health care and Life Sciences

-Energy and Utilities

-CPG, Retail and Transport

-Banking and Financial Services

