Senior Application Security Architect

This role will require the candidate to be onsite starting from Day 1. If you candidate is local please be sure to inform them the interview maybe in person***

Job Description:

Objectives of the position
Mercedes Benz Financial Services (MBFS) is committed to delivering a secure and trusted customer journey. To strengthen our cybersecurity posture across the region MBFS is seeking a Senior Cyber Security Architect / Engineer. This role is responsible for deploying operationalizing and maturing application level security capabilities in alignment with global Architecture & Engineering (AE) strategy.
The ideal candidate is a deep technical expert who can identify assess and remediate application security risks while partnering closely with development teams cloud engineers and business stakeholders to ensure secure scalable and compliant solutions.

Job Description:
Application Security
Deploy and operate application security capabilities tools and standardized requirements across the region.
Identify analyze and document application level vulnerabilities in a systematic and repeatable manner.
Communicate identified risks and mitigation strategies to technical and non technical stakeholders.
Collaborate with development teams and market units to coordinate and track remediation activities.
Provide hands-on support for secure design remediation efforts and secure SDLC practices.
Report on remediation progress risk posture and compliance readiness.
Deliver targeted application security training and awareness sessions.
Support deployment and monitoring of applications hosted in Microsoft Azure.
Explain and support application authentication and authorization concepts.

Secure Profiling & Threat Modeling
Identify and document application threats using STRIDE C4 modeling and MITRE methodologies.
Build data flow diagrams and comprehensive threat models for critical applications.
Provide actionable security recommendations based on threat modeling outputs.
Maintain tracking and coordination of remediation activities resulting from secure profiling engagements.
Identity & Access Architecture
Design secure authentication and authorization models using:
o OAuth 2.0
o OpenID Connect (OIDC)
o SAML 2.0
Implement secure integrations with Microsoft Entra ID (Azure AD).
Guide teams on:
o JWT token validation
o Managed identities
o Service-to-service authentication
o RBAC and Conditional Access
o Secure API authorization
Azure Cloud Security
Secure Azure-native workloads including App Services Azure Functions AKS and Virtual Machines.
Architect secure network configurations: NSGs private endpoints firewalls.
Implement secrets management with Azure Key Vault.
Use Defender for Cloud and Azure Policy for governance and continuous security improvement.
Ensure observability and monitoring via Log Analytics and Sentinel.

Education
Bachelors or Masters in Computer Science Information Security Cybersecurity Engineering or related discipline (Required).
CISSP Required
CCSP Recommended
Azure Certifications:
o AZ 104 (Required)
o AZ 500 AZ 700 AZ 140 (Recommended)
Experience
Minimum 10 years of experience in cybersecurity architecture and engineering.
Strong background in threat modeling and application security tools such as:
o Microsoft Threat Modeling Tool
o ThreatModeler
o IriusRisk
o securiCAD
Proven experience designing and implementing countermeasures for application risks.
Demonstrated experience collaborating with development teams during architecture design implementation testing and UAT phases.
Experience identifying analyzing and managing risk in complex enterprise environments.
Hands-on experience with security tools including:
o RedSeal
o Fortify
o Burp Suite
o Qualys
o Wiz
o CrowdStrike
o Defect Dojo
Skills Description:
Deep knowledge of architectural blueprints for data center and cloud environments with emphasis on Azure (IaaS PaaS SaaS).
Strong ability to detect vulnerabilities through code review application testing and infrastructure assessments.
High proficiency deploying and configuring applications in large-scale enterprise environments.
Working knowledge of:
NIST frameworks
OWASP Top 10
Enterprise grade security design patterns