Lead Application Security Architect

About The Position

Requirements

• 7+ years of experience in a security engineering or architecture role, with a demonstrated focus on secure design reviews, threat modeling, and vulnerability management.
• In-depth knowledge of web application security principles, secure coding practices, and addressing common vulnerabilities (e.g., OWASP Top 10).
• Proficiency in designing secure architectures for on-premises and cloud environments (e.g., AWS, Azure).
• Strong understanding of OAuth, authentication and authorization mechanisms, including multi-factor authentication, single sign-on, and emerging technologies like password-less authentication.
• Experience in encryption technologies, such as certificate-based and token-based cryptography.
• Familiarity with network protocols, topologies, and defense-in-depth strategies.
• Experience with defense-in-depth strategies, understanding of incident response.
• Exceptional communication skills, capable of bridging the gap between technical and business stakeholders.
• Financial services experience is a plus but not required. The ability to quickly acquire relevant business acumen is essential.

Responsibilities

• Lead secure design reviews and threat modeling exercises for new projects, features, and architectural changes, ensuring adherence to industry standards, regulatory requirements, and organizational security policies.
• Collaborate with development teams to identify and remediate vulnerabilities in application code and system designs, providing hands-on guidance and actionable recommendations.
• Create and maintain secure reference architectures to serve as a foundation for implementing secure systems, applications, and solutions aligned with the organization's specific needs and technologies.
• Act as a trusted advisor to development teams, integrating security considerations into the software development lifecycle and promoting secure coding practices.
• Assess conformance with architectural standards, focusing on reducing technical debt and optimizing enterprise assets such as systems, services, and information.
• Provide technical expertise on security matters, including encryption, authentication, authorization, and secure communication protocols.
• Stay current with emerging security threats, trends, and best practices, applying relevant insights to enhance the organization's security posture.
• Collaborate with cross-functional teams, including infrastructure and compliance, to align security measures with organizational goals and ensure seamless integration.
• Support security incident response efforts by contributing architectural expertise and defense-in-depth strategies as needed.
• Perform other duties and responsibilities as assigned, including occasional non-standard shifts or on-call.

Benefits

• Development opportunities
• Enriching networking groups
• Prioritizing diversity and inclusion
• Support of leaders and colleagues who care