Overview
Hybrid
$60 - $70
Contract - W2
Contract - 6 Month(s)
No Travel Required
Skills
DevOps
Google Cloud Platform
SAN
SANS
TOGAF
Solution Architecture
Python
Node.js
Java
Jenkins
GitHub
OWASP
PCA
SCA
Ruby on Rails
Software Security
Job Details
Required Skills
Day-to-Day Work Effort: Design and implement application security architecture for Google Cloud Platform-hosted services and applications. Ensures secure-by-design initiatives across SDLC, including threat modeling, risk assessments, and architectural reviews. Responsible for the production and review of Architecture Decision Records (ADRs). Collaborates with software engineers, DevOps, various security teams and cloud architects to ensure alignment with security best practices. Define and promote secure coding standards and security-focused CI/CD pipelines. Provide application security guidance for integrated security tools (e.g., MAST, SAST, DAST, SCA, IaC scanning, secret detection) tailored for cloud environments.
Job Description
At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we're supporting our customers' financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly redefining what's possible and we're proud to back each other every step of the way. When you join #TeamAmex, you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day. We back our colleagues with the support they need to thrive, professionally and personally. That's why we have Amex Flex, our enterprise working model that provides greater flexibility to colleagues while ensuring we preserve the important aspects of our unique in-person culture. Depending on role and business needs, colleagues will either work onsite, in a hybrid model (combination of in-office and virtual days) or fully virtually.
There's a difference between having a job and making a difference. American Express has been making a difference in people's lives for over 160 years, backing them in moments big and small, granting access, tools, and resources to take on their biggest challenges and reap the greatest rewards.
We've also made a difference in the lives of our people, providing a culture of learning and collaboration, and helping them with what they need to succeed and thrive. We have their backs as they grow their skills, conquer new challenges, or even take time to spend with their family or community. And when they're ready to take on a new career path, we're right there with them, giving them the guidance and momentum into the best future they envision.
Because we believe that the best way to back our customers is to back our people. The powerful backing of American Express.
Don't make a difference without it.
It's more than protecting systems and data. It's protecting people. Our Application Security Architects know that security is a top priority for our business and our partners and customers. Today, as cyber-attacks increase and compliance is more rigorously enforced, we look to them to stay ahead of what's next and to protect our business and our future. So, if you are dedicated to the latest technology and motivating others, secure your career here. You won't just see the problem coming, you'll see the solution. New threats to our business, our partners and customers appear on the horizon every day, so no two days are the same. But there are some things you can count on doing:
Key Responsibilities
Design and implement application security architecture for Google Cloud Platform-hosted services and applications.
Ensures secure-by-design initiatives across SDLC, including threat modeling, risk assessments, and architectural reviews.
Responsible for the production and review of Architecture Decision Records (ADRs).
Collaborates with software engineers, DevOps, various security teams and cloud architects to ensure alignment with security best practices.
Define and promote secure coding standards and security-focused CI/CD pipelines.
Provide application security guidance for integrated security tools (e.g., MAST, SAST, DAST, SCA, IaC scanning, secret detection) tailored for cloud environments.
Develop and provide consultation on security design patterns and reusable reference architectures (platform level) for Google Cloud Platform microservices, APIs, containers, and serverless workloads.
Monitor emerging Google Cloud Platform security features and provide recommendations for adoption.
Support incident response and forensics related to application-layer attacks.
Guide remediation strategies for vulnerabilities and design flaws.
Serve as the SME for application security in security governance, audits, and compliance efforts.
Provide architectural governance, reviewing projects to ensure alignment to technical strategy, company platform roadmaps, and enterprise standards.
Drive both high-level and detailed design, partnering with others where applicable.
Find opportunities to embrace innovative technologies, perform rapid POCs to experiment and build rails for the engineering / product teams.
Coach and mentor engineering colleagues on solution architecture, providing advice, mentorship and assistance as required.
Actively participate in team and enterprise-wide architecture and engineering discussions
Introduce enterprise architectural paradigms and solutions into the portfolio
Communicate to senior leaders regarding strategy direction and changes
Qualifications
7+ years in application security, software engineering, or security architecture roles.
3+ years of hands-on experience with Google Cloud Platform services, including IAM, Cloud Run, GKE, Cloud Functions, VPCs, and Cloud Armor.
Deep understanding of Google Cloud Platform: Compute, Storage, Networking, Data, and Security.
Deep understanding of secure development lifecycle (SSDLC) and cloud-native application patterns (e.g., microservices, containers, CI/CD).
Experience implementing security controls in CI/CD pipelines using Jenkins, GitHub, GitHub Actions, etc.
Expertise in one or more programming languages (e.g., Python, Java, Go, Node.js).
Familiarity with OWASP Top 10, SANS CWE Top 25, and threat modeling methodologies (e.g., STRIDE).
Proven ability to communicate risk to technical and executive stakeholders.
At least one security-related certification such as GDSA, GCAD, GWAT, GWEB, GPEN, GCPN, GXPN.
Any of the following certifications are a plus: SABSA, TOGAF, Google Cloud Platform PCA.