Job Title: Senior Application Security Architect
Location: Rockville, VA
Work Model: Hybrid (onsite 2-3 days a week)
Duration: Contract
Pay Rate: $70/hr
Work Authorization: Any US Work Authorization
Start Date: ASAP
Job Summary
Santcore Technologies is seeking a Senior Application Security Architect for a contract engagement in McLean, VA.
This role is responsible for designing, implementing, and governing enterprise-wide application security architecture and standards. The architect will establish security frameworks, conduct architecture and design reviews, and lead strategic security initiatives that embed security across the entire Software Development Life Cycle (SDLC).
The ideal candidate brings strong application security architecture depth, hands-on technical understanding, and the ability to influence development and platform teams while balancing security requirements with business objectives.
Key Responsibilities
- Design and establish enterprise application security architecture frameworks, reference models, and standards aligned with business objectives and risk tolerance
- Lead application and system architecture reviews to identify security gaps and recommend appropriate compensating controls
- Develop and maintain security baselines, standards, and reusable design patterns for web, mobile, API, microservices, and cloud-native applications
- Create, mature, and facilitate threat modeling practices and sessions with development teams
- Define secure coding standards and security requirements based on application type, data sensitivity, and risk profile
- Architect security solutions covering authentication, authorization, encryption, and secure communications
- Establish security guardrails for cloud-native, serverless, containerized, and infrastructure-as-code environments
- Design and implement API security strategies, including identity flows, gateways, throttling, and rate limiting
- Embed security architecture principles into CI/CD pipelines to support enterprise DevSecOps initiatives
- Evaluate, select, and recommend application security tools and technologies (SAST, DAST, IAST, SCA, etc.)
- Develop and maintain security architecture roadmaps and guide implementation of enterprise security capabilities
- Partner with development, platform, and infrastructure teams to design secure solutions that balance delivery speed and risk
- Lead cross-functional security initiatives with enterprise-wide impact
- Leverage GenAI technologies to enhance architecture reviews and automate security analysis
- Maintain documentation of security architecture decisions, patterns, and reference implementations
- Develop and deliver security architecture guidance and training for developers and architects
- Stay current with emerging threats, technologies, and application security best practices
- Perform security design reviews for new applications and major system changes
- Architect secure data handling practices including encryption at rest and in transit
Required Qualifications
- Bachelor's degree in Computer Science, Information Security, or a related technical field
- 5 years of experience in Application Security including 2 years in a Security Architecture role
- Deep knowledge of secure design principles, threat modeling methodologies, and security architecture patterns
- Experience designing security controls for cloud platforms such as AWS, Azure, or Google Cloud Platform
- Proficiency evaluating and implementing application security tools, including SAST, DAST, IAST, and SCA
- Hands-on experience with security testing and proxy tools
- Strong understanding of secure software development practices and DevSecOps implementations
- In-depth knowledge of OWASP Top 10, CWE/SANS, and related application security standards
- Experience with authentication and identity technologies, including MFA, SSO, OAuth 2.0, SAML, and OIDC
- Experience designing and securing APIs and microservices architectures
- Knowledge of regulatory and compliance requirements and their impact on application architecture
- Proficiency in one or more programming languages: Java, Python, or JavaScript
- Experience performing secure code reviews and identifying common vulnerability patterns
- Strong understanding of cryptographic protocols and secure implementation practices
- Experience supporting modern application architectures such as SPAs, serverless, and container-based systems
- Excellent communication skills with the ability to explain complex security concepts to technical and non-technical stakeholders
- Proven experience leading cross-functional initiatives and influencing stakeholders
Preferred Qualifications
- Relevant certifications such as CISSP, CSSLP, or Cloud Security Certifications