Application Security Architect
Software Development Center
Job Title: Application Security Architect
Location: Bangalore, India
Employment Type: Permanent
METTLER TOLEDO is a leading global manufacturer of precision instruments. The Company is the world's largest manufacturer and marketer of weighing instruments for use in laboratory, industrial and food retailing applications. The Company also holds top three market positions in several related analytical instruments and is a leading provider of automated chemistry systems used in drug and chemical compound discovery. In addition, the Company is the world's largest manufacturer and marketer of metal detection systems used in production and packaging. Additional information about METTLER TOLEDO can be found at .
The Software Development Centre (SWDC) of METTLER TOLEDO engages in the research, design and development of software applications for all its divisions. SWDC is looking to hire an Application Security Expert with emphasis on embedded and PC application software, with experience in cloud applications (SaaS). You must be passionate about security and staying ahead of possible threats to the application under development. You will be working with our global development teams to ensure that our application technology stack is robust. You will become familiar with our product architecture and help direct its development. You will provide regular reports of potential vulnerabilities and risk profiles. Good communication skills are critical to efficiently coordinate with our team and build a secure product.
Role summary
The Principal Application Security Architect is a hands-on execution leader accountable for delivering application security outcomes across modern cloud-native and legacy enterprise systems. This role owns security delivery end-to-end, from design through production, ensuring high-risk applications ship securely, on time and at scale. This is a doer role with architectural authority.
Primary Responsibility
- Own delivery of AppSec outcomes for critical applications and platforms
- Lead hands-on threat modelling, architecture reviews and remediation execution
- Set and enforce security release gates and acceptance criteria
- Actively reduce critical and high-risk vulnerabilities through deep code reviews, root cause analysis and direct remediation guidance
- Ensure development teams understand the importance of application security principles
- Continuously liaise with various product teams to analyse application vulnerabilities
- Create and guide a team of local application security subject matter experts
- Serve as final technical authority for AppSec decisions on high-stakes initiatives
- Unblock engineering teams and resolve security-delivery conflicts
- Report clear, actionable risk status to senior leadership
- Develop organisational processes and methods for security, privacy and related assets
- Continuously evaluate vulnerabilities and risks in software platforms, interfaces and applications
- Perform SW threat modelling and security risk assessment across various technology stacks
- Create product security requirements and concepts; promote a secure-by-design approach
- Triage and plan remediation for discovered vulnerabilities, aligned to program deadlines
- Engage with internal and external partners to ensure alignment to commitments
- Mentor SW teams on secure coding best practices, industry standards, tools and processes
- Seek to build in security during development of software systems and applications
- Ensure that organisational processes stay current; contribute to the Quality Management System
Your profile
- Qualification: B.E / / M.E / (Computer Science or related fields)
- 12-15 years of software engineering, application security or architecture experience
- Proven history of executing and delivering AppSec improvements at scale
- Deep hands-on expertise in: Secure SDLC and application architecture, OWASP Top 10, API Security Top 10, threat modelling (STRIDE or equivalent)
- Strong experience securing modern architectures (cloud, APIs, microservices, containers, Kubernetes) and legacy enterprise systems (monoliths, SOA, on-prem)
- Strong understanding of authentication and authorization (OAuth2, OIDC, SAML), cryptography, secrets management and secure configuration
- Deep experience integrating security into CI/CD pipelines
- Experience with ISO 27001/27002 and NIST Cybersecurity Framework
- Experience in identifying potential attacks and threat vectors and offering mitigation
- Experience with vulnerability management tools like Black Duck, Trivy, Prisma Cloud, Tenable etc.
- Proficient in security assessments, authentication and access control
- Understanding of penetration testing, applied cryptography and security protocols preferable
- Experience with AppSec practices for infrastructure, connected devices etc.
- Good understanding of cryptographic primitives and their underlying principles preferable
- Good understanding of networking protocols such as TCP/IP and UDP
- Good understanding of Content Delivery Networks and their integration into applications
- Active in the security community; regularly attends meetups or conferences
- Working understanding of Agile development processes
- Lead without authority in a matrix organization
- Excellent communication skills, verbal and written
- Ability to translate complex ideas into simple solutions to implement