Application Security Architect

Hcc Service Company•Houston, TX

4d•Onsite

About The Position

Tokio Marine HCC is seeking an Application Security Architect to join our Corporate Security team. In this role, you will serve as a trusted advisor and technical leader, driving secure design principles and modern security practices across a global, federated enterprise. You will collaborate closely with software development, infrastructure, and cloud engineering teams to ensure our applications are secure, scalable, and aligned with TMHCC's enterprise standards. As part of a dynamic and collaborative environment, you will influence the adoption of secure coding practices, integrate security into development pipelines, and shape the future of application security across multiple business units.

Requirements

Bachelor's degree in Computer Science, Cybersecurity, or related technical field (or equivalent experience).
Minimum of 5 years of experience in software development, software security, or application architecture.
Strong knowledge of web application security principles, OWASP Top 10, and secure SDLC.
Experience designing and securing modern architectures (microservices, APIs, containers, serverless).
Proficiency in at least one major programming language (C#/.NET or Python).
Familiarity with application security tools (SAST, DAST, SCA, IAST, secrets scanning).
Excellent communication, influence, and collaboration skills across technical and non-technical stakeholders.

Nice To Haves

Relevant certifications such as CISSP, CSSLP, or GIAC preferred.
Experience with AWS and/or Azure application security best practices.
Background in financial services, insurance, or other regulated industries is a plus.

Responsibilities

Shape and influence enterprise application security strategy across TMHCC's federated business model.
Define, advocate for, and implement secure design principles across cloud-native, containerized, and on-premises environments.
Develop and maintain secure architecture blueprints and reusable security patterns for enterprise adoption.
Conduct threat modeling and application architecture reviews to proactively identify and mitigate risks early in the lifecycle.
Integrate security testing tools (SAST, DAST, SCA, IAST, secrets scanning) into enterprise and business unit CI/CD pipelines.
Partner with DevOps, Infrastructure, and Cloud teams to embed security into development workflows and platform engineering practices.
Collaborate with developers, architects, and business unit leaders to promote secure development and consistent security standards.
Support incident response, risk, and compliance teams with application-related assessments and investigations.
Research emerging threats and technologies to continuously enhance TMHCC's application security maturity.