Systems Architect 3 / Application Security Architect

Title: Systems Architect 3 / Application Security Architect

Remote

Duration: 12-month contract
Interview: 2 steps Teams video onsite

What they need (in short)

Looking for a developer who moved into security (NOT a security-only profile).
Someone who can:

• Deconstruct enterprise application architectures (app server DB middleware networking dependencies)

• Build application threat models and publish results

• Automate AppSec work (tooling, APIs, CI/CD integration, security logic in pipelines/microservices)

• Use Python (write), and read Java + C#

• Leverage Copilot / AI agents for analysis and code review

Responsibilities

• Partner with app/service/platform teams to capture accurate architecture details

• Create threat models using tooling (ThreatModeler / MS Threat Modeling Tool / OWASP Threat Dragon)

• Apply methodology (STRIDE / PASTA / OCTAVE / LINDDUN / VAST) to identify & prioritize threats

• Validate mitigations via designs/configs/source code evidence

• Recommend mitigations and present/publish results

• Collaborate with Cybersecurity Architecture on new controls where gaps exist

Required Qualifications

• 4+ years Systems Architecture and/or Systems Development

• 3+ years Cybersecurity experience (work/training/education/certs)

• 1+ year AWS/Azure/Google Cloud Platform

• 1+ year Python programming

• Proficient in at least one Threat Modeling methodology (STRIDE/PASTA/etc.)

• Familiar with OWASP Top 10, CAPEC, MITRE ATT&CK, secure design principles

• Ability to run multiple threat models in parallel with short cycle times

Desired

• CISSP/CCSP and/or cloud certs

• 3+ years leading architecture risk reviews / threat models

• Threat Modeling GenAI / Threat Modeling-as-Code (TaaC)