Job Title: Application Security (AppSec) Architect
Role Overview
The Application Security Architect is responsible for assessing and securing the organization''''s
software development lifecycle (SDLC). This role bridges the gap between enterprise security
policy and engineering execution, ensuring that applications are secure by design, resilient to
threats, and compliant with regulatory standards.
As an AppSec Architect, you will design secure architecture patterns, establish threat modeling
frameworks, implement automated security guardrails within CI/CD pipelines, and serve as a
trusted advisor to engineering teams.
Key Responsibilities
• Security Architecture & Design: Define AA Tech secure coding standards,
architectural blueprints, and security patterns (e.g., identity/auth, cryptography, data
protection).
• Threat Modeling: Lead and scale product platform-level threat modeling practices
across product engineering teams during the early design phases to identify and
mitigate architectural flaws.
• DevSecOps Integration: Architect, deploy, and optimize automated security testing
tools (SAST, DAST, SCA, IAST) directly into code repositories and CI/CD pipelines,
ensuring low friction and high fidelity for developer workflows.
• Vulnerability Management: Establish governance for triage, prioritization, and
remediation of software vulnerabilities, providing engineering teams with clear,
actionable mitigation guidance.
• Developer Enablement & Training: Cultivate a security-first culture by leading
developer-centric training programs, driving a Security Champions network, and
creating self-service security components.
• Compliance & Risk Management: Ensure applications comply with relevant industry
frameworks and legal requirements (e.g., OWASP Top 10, ASVS, NIST, ISO 27001,
SOC 2, HIPAA).
• Incident Response Support: Provide deep technical expertise during application-layer
security incidents.
Required Technical Skills & Qualifications
• Experience: 8+ years of experience in software engineering, cybersecurity, or
DevOps, with at least 4+ years dedicated explicitly to Application Security
Architecture.
• Secure Engineering: Deep understanding of modern application architectures
(Microservices, Cloud-Native, Serverless, API-first design) and modern development
frameworks.
• Cloud Security: Proven experience securing applications hosted in major cloud
environments (AWS, Azure, or Google Cloud Platform), including container security (Kubernetes) and
Infrastructure as Code (IaC) scanning.
• Tooling Expertise: Hands-on experience scaling and tuning DevSecOps tooling (e.g.,
Github Advanced Security, Snyk, SonarQube, Checkov, Veracode).
• Cryptography & Protocols: Strong grasp of encryption standards, TLS, OAuth 2.0,
OIDC, SAML, and secure key management.
Education/Certifications: Bachelor’s degree in Computer Science, Cybersecurity, or
equivalent practical experience. Relevant certifications (e.g., CSSLP, CISSP, AWS
Certified Security, CASE) are highly preferred.
Core Competencies & Soft Skills
• Pragmatic Collaboration: Ability to balance rigorous security requirements with
business velocity, viewing engineering teams as customers rather than blockers.
• Influential Leadership: Strong communication skills with the ability to articulate
complex security risks to non-technical business stakeholders, executives, and
developers alike.
• Analytical Problem Solving: Exceptional capability to dissect complex software
ecosystems, anticipate emerging threat vectors, and design elegant, scalable defenses.
What Success Looks Like in This Role
• Shift Left: Security is seamlessly baked into the design phase, drastically reducing the
discovery of critical vulnerabilities in production.
• Developer Autonomy: Engineers have clear, self-service security patterns and
automated feedback loops, minimizing friction and security debt.
• Application Security Governance: Validating and verifying security implementation
across the product.
• Measurable Risk Reduction: Transparent metrics (e.g., MTTR for critical flaws,
reduction in repetitive vulnerability types) demonstrate a steadily shrinking
application attack surface.
Never miss an opportunity! Create an alert based on the job you applied for.
