Solution Architect – Application Security (AppSec), Zero Trust & Compliance
Job Summary
Role Overview: We are seeking a highly experienced Solution Architect – Application Security Lead to drive the design, implementation and governance of enterprise-grade AppSec, Zero Trust architecture and regulatory compliance frameworks.
This role will be responsible for embedding security-by-design principles across application lifecycles, leading Zero Trust adoption and ensuring alignment with regulatory and industry standards (e.g. PCI-DSS, OSFI, NIST, ISO 27001).
Application Security Strategy & Architecture
Define and implement an enterprise-wide AppSec strategy aligned with business and security objectives. Architect secure SDLC frameworks covering:
SAST, DAST, SCA, IAST
API security
Container & cloud-native security
Establish security patterns, reference architectures and guardrails for application teams. Drive DevSecOps enablement across CI/CD pipelines.
Zero Trust Architecture Leadership
Lead the design and rollout of Zero Trust architecture across application ecosystems.
Implement key Zero Trust principles:
Continuous verification
Least privilege access
Micro-segmentation
Integrate with:
Identity & Access Management (IAM/CIAM)
Privileged Access Management (PAM)
Endpoint and workload protection platforms
Align application access controls with identity-centric security models.
Compliance & Regulatory Governance
Ensure application security controls meet: OSFI B-13 / B-10 (Canada BFSI), PCI-DSS, SOX, GDPR, ISO 27001, NIST.
Drive audit readiness, control validation and compliance reporting.
Establish risk-based control frameworks and remediation tracking.
Partner with internal audit, risk and compliance teams.
Secure Architecture & Threat Modeling
Conduct secure design reviews and threat modeling (STRIDE, ATT&CK).
Identify and mitigate application-layer vulnerabilities and attack vectors.
Define security requirements for APIs, microservices and cloud-native applications.
Embed security testing and validation processes.
Engineering & Tooling Enablement
Lead deployment and optimization of AppSec tools:
SAST: Checkmarx, Fortify, Veracode
DAST: Burp, AppScan
SCA: Snyk, Black Duck
Container security: Prisma, Aqua
Integrate tools into CI/CD pipelines (Azure DevOps, GitHub, Jenkins).
Drive automation for vulnerability management and remediation tracking.
Stakeholder & Delivery Leadership
Act as a trusted advisor to engineering, architecture and business leaders.
Lead cross-functional teams across development, DevOps and security.
Provide executive-level reporting on AppSec maturity and risk posture.
Mentor teams on secure coding and security best practices.
Required Qualifications
12 years in cybersecurity, application security or architecture roles
Proven experience as a Solution Architect or AppSec Lead in large enterprises (preferably BFSI)
Strong expertise in:
Secure SDLC / DevSecOps
Zero Trust Architecture
Cloud platforms (Azure, AWS, GCP)
Hands-on experience with AppSec tools and CI/CD integrations.
Deep understanding of:
OWASP Top 10, API Security Top 10
Threat modeling methodologies
Experience with regulatory compliance frameworks (OSFI, PCI-DSS, ISO, NIST)
Preferred Certifications:
CISSP / CISM / CCSP
CSSLP (Certified Secure Software Lifecycle Professional), TOGAF (Architecture), SABSA or equivalent security architecture certifications
Required Education:
Bachelor's Degree