Application Security Architect

Alarm.comTysons, VA
$158,050 - $193,325Hybrid

About The Position

Alarm.com is seeking an Application Security Architect to join their security organization. This role will be the primary owner of application security, with the opportunity to shape and build the AppSec function. The architect will play a hands-on, influential role in ensuring secure software development across a diverse ecosystem including mobile apps, cloud services, on-prem systems, IoT devices, and AI-powered features. Responsibilities include collaborating with engineers, participating in design reviews, leading threat modeling, and helping teams adopt secure development practices. Alarm.com offers an environment with smart, friendly engineers, cutting-edge products, and a platform spanning home automation to large-scale data processing, blending deep technical work, cross-team partnership, and practical security engineering.

Requirements

  • 10+ years of experience in application security, software engineering, or related technical security roles (8+ acceptable for exceptionally strong candidates).
  • Bachelor's in Computer Science, Computer Engineering, Electrical Engineering, or related field, or equivalent work experience
  • Proficiency in at least one programming language (e.g., Python, JavaScript, C#) and ability to navigate large, complex codebases.
  • Knowledge of application security best practices across both cloud and on-prem environments, including cloud-hosted Kubernetes and related cloud services.
  • Hands-on experience with AppSec tooling and techniques (SAST, DAST, SCA, IAST, WAF, etc.).
  • Strong understanding of vulnerabilities, exploitability, and security principles (e.g., OWASP Top 10, secure design patterns).
  • Experience with CI/CD pipelines and DevSecOps practices.
  • Demonstrated ability to influence engineering teams and drive security outcomes without relying on authority.
  • Strong analytical thinking, practical problem-solving skills, and a balanced approach to technical risk.
  • Excellent written and verbal communication skills, capable of explaining complex security issues to both technical and non-technical audiences.

Nice To Haves

  • Experience with GitHub Advanced Security (including code scanning, secret scanning, and dependency insights) is preferred.
  • Familiarity with AI and LLM security concepts—such as model hardening, prompt/input validation, data protection, and the OWASP Top 10 for LLMs—is preferred.

Responsibilities

  • Triage and track inbound findings from SAST, DAST, IAST, SCA tools, and external sources (bug bounty, penetration tests).
  • Maintain strong awareness of vulnerability trends and exploitability.
  • Prioritize remediation using a risk-based approach, partnering directly with engineering teams.
  • Partner with engineering and platform leadership to embed security practices throughout the development lifecycle.
  • Influence and evolve the AppSec tooling and automation roadmap—including emerging AI-assisted capabilities—through prototyping, evaluation, and feedback.
  • Lead threat modeling and participate in feature-team design reviews to ensure security best practices are applied across new features and architectural changes.
  • Collaborate early with engineers, architects, and tech leads during design sessions to identify risks, guide secure design decisions, and embed security into system architecture.
  • Perform deep, targeted reviews of high-risk code paths, APIs, authentication/authorization flows, and sensitive components.
  • Coordinate with Penetration Testers, Red Teams, and Compliance teams to ensure holistic coverage.
  • Partner with teams adopting AI and LLM-based systems—both internal tooling and production features—to ensure secure design, model and data protection, prompt/input validation, and safe integration patterns.
  • Assess and mitigate risks related to data leakage, model behavior, supply chain concerns, and emerging AI security threats.
  • Build and maintain security automation integrated into CI/CD pipelines.
  • Automate detection, validation, and developer-friendly remediation workflows to improve signal quality and reduce friction.
  • Serve as a domain expert and partner to engineering teams.
  • Deliver workshops, provide secure coding guidance, and help teams adopt effective security controls and testing practices.
  • Advise on application-layer security in cloud-native environments, including identity, secrets management, network exposure, and service-to-service authentication.
  • Provide security guidance for IoT devices and platform components, including OSS dependency risk analysis and security considerations for legacy or constrained devices.
  • Translate policy and compliance requirements into practical guidance for developers.
  • Contribute to policy evolution and support audit activities as needed.
  • Collaborate with InfoSec during security incidents and investigations.
  • Maintain and evolve runbooks and contribute to post-incident reviews to drive systemic improvements.

Benefits

  • Subsidized medical plan options
  • HSA with generous company contribution
  • 401(k) with employer match
  • Paid holidays
  • Wellness time
  • Vacation increasing with tenure
  • Paid maternity and bonding leave
  • Company-paid disability and life insurance
  • FSAs
  • Well-being resources and activities
  • Casual dress work environment
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service