Application Security Architect

Randstad India


Job Location:

Bengaluru - India

Monthly Salary: Not Disclosed
Posted on: 10 hours ago
Vacancies: 1 Vacancy

Job Summary

Application Security Architect

Role summary

The Principal Application Security Architect is a hands-on execution leader accountable for delivering application security outcomes across modern cloud-native and legacy enterprise systems. This role owns security delivery end-to-end, from design through production, ensuring high-risk applications ship securely, on time and at scale. This is a doer role with architectural authority.

Primary Responsibility

  • Own delivery of AppSec outcomes for critical applications and platforms
  • Lead hands-on threat modelling, architecture reviews and remediation execution
  • Set and enforce security release gates and acceptance criteria
  • Actively reduce critical and high-risk vulnerabilities through deep code reviews, root cause analysis, direct remediation guidance
  • Ensure development teams understand the importance of application security principles
  • Continuously liaise with various product teams to analyse application vulnerabilities
  • Create and guide a team of local application security subject matter experts
  • Serve as final technical authority for AppSec decisions on high-stakes initiatives
  • Unblock engineering teams and resolve security-delivery conflicts
  • Report clear actionable risk status to senior leadership
  • Develop organisational processes and methods for security, privacy and related assets
  • Continuously evaluate vulnerabilities and risks in software platforms, interfaces and applications
  • Perform SW threat modelling, security risk assessment across various technology stacks
  • Create product security requirements and concepts; promote secure by design approach
  • Triage and remediation planning for discovered vulnerabilities aligned to program deadlines
  • Engage with internal and external partners to ensure alignment to commitments
  • Mentor SW teams on secure coding best practices, industry standards, tools and processes
  • Seek to build-in security during development of software systems and applications
  • Ensure that organisational processes stay current; contribute to the Quality Management System

Your profile

  • Qualification: B.E / / M.E / (Computer Science or related fields)
  • 12-15 years of software engineering, application security or architecture experience
  • Proven history of executing and delivering AppSec improvements at scale
  • Deep hands-on expertise in: Secure SDLC and application architecture, OWASP Top 10, API Security Top 10, threat modelling (STRIDE or equivalent)
  • Strong experience securing modern architectures (cloud, APIs, microservices, containers, Kubernetes) & legacy enterprise systems (monoliths, SOA, on-prem)
  • Strong understanding of authentication & authorization (OAuth2, OIDC, SAML), cryptography, secrets management, secure configuration
  • Deep experience integrating security into CI/CD pipelines
  • Experience with ISO 27001/27002 and NIST Cybersecurity Framework
  • Experience in identifying potential attacks and threat vectors and offering mitigation
  • Experience with vulnerability management tools like Black Duck, Trivy, Prisma Cloud, Tenable, etc.
  • Proficient in security assessments, authentication and access control
  • Understanding of penetration testing, applied cryptography and security protocols preferable
  • Experience with AppSec practices for infrastructure, connected devices, etc.
  • Good understanding of cryptographic primitives and their underlying principles preferable
  • Good understanding of networking protocols such as TCP/IP and UDP.
  • Good understanding of Content Delivery Networks and their integration into applications
  • Active in the security community. Regularly attends meetups or conferences
  • Working understanding of Agile Development processes
  • Lead without authority in a matrix organization
  • Excellent communication skills, verbal and written
  • Ability to translate complex ideas into simple solutions to implement
