Application Security Architect

Application Security Architect#26-15439 North Chicago, IL Onsite Job Description

Position Title:

Application Security Architect

Number of Positions Needed:

1

Length of Contract:

1 year Remote, 100% Top 3-5 skills

Experience:

8+ years of experience in software engineering, cybersecurity, or DevOps, with at least 4+ years dedicated explicitly to Application Security Architecture.

Secure Engineering:

Deep understanding of modern application architectures (Microservices, Cloud-Native, Serverless, API-first design) and modern development frameworks including Subject-Matter Expertise in Threat Modeling.

Cloud Security:

Proven experience securing applications hosted in major cloud environments (AWS, Azure, or GCP), including container security (Kubernetes) and Infrastructure as Code (IaC) scanning.

Tooling Expertise:

Hands-on experience scaling and tuning DevSecOps tooling (e.g., Github Advanced Security, Snyk, SonarQube, Checkov, Veracode).

Cryptography & Protocols:

Strong grasp of encryption standards, TLS, OAuth 2.0, OIDC, SAML, and secure key management.

Education/Certifications:

Bachelor's degree in Computer Science, Cybersecurity, or equivalent practical experience. Relevant certifications (e.g., CSSLP, CISSP, AWS Certified Security, CASE) are highly preferred

Job Title:

Application Security (AppSec) Architect Role Overview The Application Security Architect is responsible for assessing and securing the organization's software development lifecycle (SDLC). This role bridges the gap between enterprise security policy and engineering execution, ensuring that applications are secure by design, resilient to threats, and compliant with regulatory standards. As an AppSec Architect, you will design secure architecture patterns, establish threat modeling frameworks, implement automated security guardrails within CI/CD pipelines, and serve as a trusted advisor to engineering teams. Key Responsibilities •

Security Architecture & Design:

Define AA Tech secure coding standards, architectural blueprints, and security patterns (e.g., identity/auth, cryptography, data protection). •

Threat Modeling:

Lead and scale product platform-level threat modeling practices across product engineering teams during the early design phases to identify and mitigate architectural flaws. •

DevSecOps Integration:

Architect, deploy, and optimize automated security testing tools (SAST, DAST, SCA, IAST) directly into code repositories and CI/CD pipelines, ensuring low friction and high fidelity for developer workflows. •

Vulnerability Management:

Establish governance for triage, prioritization, and remediation of software vulnerabilities, providing engineering teams with clear, actionable mitigation guidance. •

Developer Enablement & Training:

Cultivate a security-first culture by leading developer-centric training programs, driving a "Security Champions" network, and creating self-service security components. •

Compliance & Risk Management:

Ensure applications comply with relevant industry frameworks and legal requirements (e.g., OWASP Top 10, ASVS, NIST, ISO 27001, SOC 2, HIPAA). •

Incident Response Support:

Provide deep technical expertise during application-layer security incidents. Required Technical Skills & Qualifications •

Experience:

8+ years of experience in software engineering, cybersecurity, or DevOps, with at least 4+ years dedicated explicitly to Application Security Architecture. •

Secure Engineering:

Deep understanding of modern application architectures (Microservices, Cloud-Native, Serverless, API-first design) and modern development frameworks. •

Cloud Security:

Proven experience securing applications hosted in major cloud environments (AWS, Azure, or GCP), including container security (Kubernetes) and Infrastructure as Code (IaC) scanning. •

Tooling Expertise:

Hands-on experience scaling and tuning DevSecOps tooling (e.g., Github Advanced Security, Snyk, SonarQube, Checkov, Veracode). •

Cryptography & Protocols:

Strong grasp of encryption standards, TLS, OAuth 2.0, OIDC, SAML, and secure key management.

Education/Certifications:

Bachelor's degree in Computer Science, Cybersecurity, or equivalent practical experience. Relevant certifications (e.g., CSSLP, CISSP, AWS Certified Security, CASE) are highly preferred. Core Competencies & Soft Skills •

Pragmatic Collaboration:

Ability to balance rigorous security requirements with business velocity, viewing engineering teams as customers rather than blockers. •

Influential Leadership:

Strong communication skills with the ability to articulate complex security risks to non-technical business stakeholders, executives, and developers alike. •

Analytical Problem Solving:

Exceptional capability to dissect complex software ecosystems, anticipate emerging threat vectors, and design elegant, scalable defenses. What Success Looks Like in This Role •

Shift Left:

Security is seamlessly baked into the design phase, drastically reducing the discovery of critical vulnerabilities in production. •

Developer Autonomy:

Engineers have clear, self-service security patterns and automated feedback loops, minimizing friction and security debt. •

Application Security Governance:

Validating and verifying security implementation across the product. •

Measurable Risk Reduction:

Transparent metrics (e.g., MTTR for critical flaws, reduction in repetitive vulnerability types) demonstrate a steadily shrinking application attack surface.