Application Security Architect

Responsibilities

The Application Security Architect partners with software development, platform, cybersecurity, and cloud engineering teams to embed security throughout the modern software development lifecycle (SDLC).

This role focuses on secure-by-design practices, DevSecOps strategy, roadmap and enablement, and risk-based vulnerability management across internally developed, third-party, SaaS, and cloud-native applications.

The AppSec Architect serves as the strategic owner of the Application Security Roadmap, defines target-state AppSec maturity aligned to business growth, and prioritizes AppSec investments and tooling rationalization.

The role serves as a trusted advisor to development teams and the key contributor to the organization's overall Secure Software Development Program.

Key Responsibilities

Secure SDLC & DevSecOps


* Embed application security controls into CI/CD pipelines, including automated SAST, DAST, IAST, SCA, secrets detection, and IaC scanning.


* Establish standardized security controls across platforms.


* Design exceptions and compensating controls.


* Partner with development teams to implement shift-left security while maintaining delivery velocity.


* Define and maintain secure coding standards, security design patterns, and reference architectures.


* Participate in architecture and design reviews, including threat modeling for new applications and major changes.


* Perform research and development (R&D) into existing processes and tooling opportunities

Application & Cloud Security Assessment


* Identify and assess security risks in web, mobile, API, SaaS, and cloud-native applications developed internally or by third parties.


* Perform or coordinate:
+ Source code reviews (manual and automated)
+ Application vulnerability assessments and penetration tests
+ API and microservices security testing & analysis
+ Cloud configuration and IaC security reviews


* Validate findings, reduce false positives, and prioritize remediation based on business risk.


* Establish reusable security architecture patterns for cloud-native and distributed systems .

Vulnerability & Risk Management


* Manage application security findings through a centralized vulnerability or risk management platform.


* Work with development teams to define practical, risk-based remediation guidance.


* Track remediation progress, verify fixes, and support exception/risk acceptance processes.


* Contribute to application security metrics, KPIs, and executive-level reporting.


* Translate technical debt and vulnerabilities into business risk and exposure.

Open Source & Supply Chain Security


* Assess and manage risks related to open-source dependencies, libraries, and third-party components.


* Support Software Composition Analysis (SCA) and software supply chain security initiatives (e.g., dependency hygiene, SBOMs).


* Evaluate se...