Application Security Architect

Who We Are

At Corebridge Financial we believe action is everything. Thats why every day we partner with financial professionals and institutions to make it possible for more people to take action in their financial lives for today and tomorrow.

We align to a set of Values that are the core pillars that define our culture and help bring our brand purpose to life:

We are stronger as one: We collaborate across the enterprise scale what works and act decisively for our customers and partners
We deliver on commitments: We are accountable empower each other and go above and beyond for our stakeholders
We learn improve and innovate: We get better each day by challenging the status quo and equipping ourselves for the future
We are inclusive: We embrace different perspectives enabling our colleagues to make an impact and bring their whole selves to work

About the role

The Application Security Architect to lead the design implementation and oversight of secure application architectures across our organization. This role focuses on integrating security into software development processes collaborating with developers and application security teams and building scalable secure application frameworks. The ideal candidate will bring deep expertise in application security strong communication skills and the ability to work independently or collaboratively to drive security initiatives and foster a securityfirst culture.

• Design document and maintain secure architecture patterns diagrams and reference architectures for Web API and Mobile applications.
• Conduct security reviews of application designs APIs and development pipelines identifying vulnerabilities and recommending secure design strategies.
• Perform threat modeling and risk assessments to identify vulnerabilities and recommend appropriate mitigating controls.
• Recommend and oversee the implementation of security controls in CI/CD pipelines ensuring governance and standardization of tools such as SAST DAST and IAST.
• Collaborate closely with application security teams developers application owners cloud teams and engineering teams to integrate security into the SDLC and organizational workflows.
• Communicate risks effectively to developers application owners and senior executives tailoring technical risks into actionable insights for both technical and nontechnical audiences.
• Guide the adoption and implementation of OWASP standards including ASVS OWASP Top 10 and API Security Top 10.
• Demonstrate strong knowledge and understanding of microservices driven architecture ensuring secure integration into overall system design.
• Maintain familiarity with APIs API gateways service mesh and APIrelated security tooling and practices to secure API designs and integrations.
• Provide expertise in container security advising on the use of immutable operating systems and secure deployment practices.
• Partner with developers and engineering teams to promote secure coding practices and ensure security is a natural part of their workflows.
• Stay informed of emerging application security threats and technologies and proactively recommend improvements to enhance the security posture.
• Foster a securityfirst culture by mentoring development teams promoting secure coding practices and embedding security in organizational workflows.

Please note: The job can only be performed in the State location listed: Jersey City NJ Durham NC and Houston TX.

What we are looking for

Required Qualifications:

• 7 years of handson experience in application security secure coding and software development practices for Web API and Mobile applications.
• Strong ability to create and review application designs diagrams and reference architectures.
• Expertise in secure software development life cycle (SDLC) and DevSecOps processes.
• Proficiency in SaaS PaaS and IaaS environments including platforms like AWS Azure M365 and Saleforce.
• Experience with various application security tools such as SonarQube Veracode Codacy and familiarity with integrating security into CI/CD pipelines.
• Knowledge of common CI/CD pipeline and development tools such as Jenkins GitHub Artifactory Terraform Vault.
• Knowledge of containerization and orchestration technologies like Docker Kubernetes EKS ECS and OCP including container security practices and the use of immutable containers.
• Working knowledge of regulatory requirements and compliance standards such as NYDFS CCPA PCIDSS HIPAA SOX and GDPR.
• Relevant certifications such as CISSP CSSLP OSCP or equivalent.
• Ability to work independently or collaboratively in a teamoriented environment.
• Bachelors degree in a relevant field or proven record of experience in Information Technology and Cyber Security roles.

Technical Skills:

• Knowledge of OWASP ASVS OWASP Top 10 API Security Top 10 and secure coding practices.
• Proficiency in designing implementing and securing API gateways (e.g. Kong Apigee AWS API Gateway) and service mesh (e.g. Istio Linkerd) for secure communication and service management.
• Expertise in implementing security controls in CI/CD pipelines ensuring alignment with security standards and best practices using tools such as Jenkins GitHub and Terraform.
• Knowledge of securing containerized environments including securing images leveraging immutable OSes and applying best practices in orchestration security.
• Expertise in designing processes for patching vulnerabilities and implementing resilient deployment strategies (e.g. bluegreen deployments).
• Expertise in encryption (e.g. TLS AES RSA) and secure data management practices.

Common Security and Architecture Frameworks:

• OWASP ASVS (Application Security Verification Standard)
• NIST Cybersecurity Framework (CSF)
• ISO 27001 and 27002
• CIS Controls
• SABSA (Sherwood Applied Business Security Architecture)
• TOGAF (The Open Group Architecture Framework)
• AWS WellArchitected Framework

Preferred Certifications:

• Certified Secure Software Lifecycle Professional (CSSLP)
• GIAC Web Application Penetration Tester (GWAPT)
• GIAC Secure Software Programmer (GSSP)
• AWS Certified Solutions Architect Associate or Professional
• AWS Certified Security Specialty
• Microsoft Certified: Azure Solutions Architect Expert
• TOGAF (The Open Group Architecture Framework)
• SABSA Foundation or Practitioner

Soft Skills:

• Strong analytical and problemsolving abilities.
• Excellent interpersonal and collaboration skills.
• Proven ability to communicate complex ideas to technical and nontechnical audiences.
• Strong organizational and time management skills.
• Adaptability and a commitment to continuous learning of new technologies and methodologies.
• Attention to detail and dedication to delivering highquality results.
• High level of integrity and ethical conduct.

IndustrySpecific Experience:

• Experience in financial services insurance or other regulated environments.
• Proven ability to design and implement application security controls that align with industry regulations and standards.
• Experience conducting application security assessments and audits in regulated industries.
• Familiarity with industryspecific application threats and vulnerabilities to tailor security solutions.

For position based in Jersey City NJ the base salary range is $140000 $165000 and the position is eligible for a bonus in accordance with the terms of the applicable incentive plan. In addition were proud to offer a range of competitive benefits.

#LISAFG #LICW1 #LIHybrid

This role is deemed a covered associate under SEC RuleCFR 275.20645 Political contributions by certain investment advisers and other federal and state paytoplay rules. Candidates for the role must not have made any political contributions that under 17 CFR 275.20645 or other federal or state paytoplay regulations would disqualify the candidate or Corebridge Financial from conducting Corebridge Financials business or that would otherwise create a conflict of interest for Corebridge Financial. Applicants who are selected to move forward with the application process will be required to disclose all U.S. political contributions they and their household family members have made over the past two years.

Applications will be accepted for this position until a satisfactory candidate pool has been identified.

Why Corebridge

At Corebridge Financial we prioritize the health wellbeing and worklife balance of our employees. Our comprehensive benefits and wellness program is designed to support employees both personally and professionally ensuring that they have the resources and flexibility needed to thrive.

Benefit Offerings Include:

Health and Wellness: We offer a range of medical dental and vision insurance plans as well as mental health support and wellness initiatives to promote overall wellbeing
Retirement Savings: We offer retirement benefits options which vary by location. In the U.S. our competitive 401(k) Plan offers a generous dollarfordollar Company matching contribution of up to 6 of eligible pay and a Company contribution equal to 3 of eligible pay (subject to annual IRS limits and Plan terms). These Company contributions vest immediately.
Employee Assistance Program: Confidential counseling services and resources are available to all employees
Matching charitable donations: Corebridge matches donations to taxexempt organizations 1:1 up to $5000
Volunteer Time Off: Employees may use up to 16 volunteer hours annually to support activities that enhance and serve communities where employees live and work
Paid Time Off: Eligible employees start off with at least 24 Paid Time Off (PTO) days so they can take time off for themselves and their families when they need it.

Eligibility for and participation in employersponsored benefit plans and Company programs will be subject to applicable law governing Plan document(s) and Company policy.

We are an Equal Opportunity Employer

Corebridge Financial is committed to being an equal opportunity employer and we comply with all applicable federal state and local fair employment laws. All applicants will be considered for employment based on jobrelated qualifications and without regard to race color religion sex gender gender identity or expression sexual orientation national origin disability neurodivergence age veteran status or any other protected characteristic. The Company is also committed to compliance with all fair employment practices regarding citizenship and immigration status. At Corebridge Financial we believe that diversity and inclusion are critical to building a creative workplace that leads to innovation growth and profitability. Through a wide variety of programs and initiatives we invest in each employee seeking to ensure that our colleagues are respected as individuals and valued for their unique perspectives.

Corebridge Financial is committed to working with and providing reasonable accommodations to job applicants and employees including any accommodations needed on the basis of physical or mental disabilities or sincerely held religious beliefs. If you believe you need a reasonable accommodation in order to search for a job opening or to complete any part of the application or hiring process please send an email to Reasonable accommodations will be determined on a casebycase basis in accordance with applicable federal state and local law.

We will consider for employment qualified applicants with criminal histories consistent with applicable law.

To learn more please visit:

Corebridge Financial is committed to working with and providing reasonable accommodations to job applicants and employees with physical or mental disabilities. If you believe you need a reasonable accommodation in order to search for a job opening or to complete any part of the application or hiring process please send an email to . Reasonable accommodations will be determined on a casebycase basis.

Applications will be accepted for this position until a satisfactory candidate pool has been identified