APPLICATION SECURITY ARCHITECT JOB DESCRIPTION

A curated set of Application Security Architect job descriptions highlighting common duties, frameworks, and certifications.

Application Security Architect Job Description Template

1. About the Role

Reviewing a product's threat model while also coaching a development team on secure coding practices is a routine week for this role. Those two activities rarely live in the same function - but the Application Security Architect owns both. Most organizations running cloud-native stacks and measuring their program against frameworks such as OWASP SAMM or NIST SP 800-53 need someone who can evaluate architecture against those standards and translate the findings into developer-facing guidance that actually ships. The role sits within a security or engineering organization, reporting to leadership and accountable for both the application security program and the secure development lifecycle.

2. Position Summary

The mandate of the Application Security Architect is to define and govern the security posture of software products, setting standards for threat modeling, vulnerability management, and secure design that engineering teams are held to across every release cycle. Working alongside R&D, DevOps, and IT architecture stakeholders, this role owns the application security roadmap and serves as the authoritative voice on AppSec decisions from design through production.

3. Why Join Us

Career Impact: Owning an organization's OWASP SAMM-aligned program and threat modeling standards establishes you as a named authority on application security architecture, a credential that carries weight across the software industry.

Business Impact: When an Application Security Architect defines and enforces secure design gates before code reaches production, the cost and frequency of post-release vulnerabilities measurably drop for the products and teams that depend on those standards.

Growth Opportunity: The skills sharpened here - security program leadership, DevSecOps pipeline design, and cross-functional advisory at the executive level - are the same ones that lead to roles such as CISO, VP of Security, or Principal Security Architect.

4. Key Responsibilities

  • Design and maintain the application security architecture framework, covering cloud-native and on-premises software portfolios.
  • Conduct threat modeling and architecture risk assessments for new products, features, and infrastructure changes to identify security gaps before deployment.
  • Define secure coding standards and promote their adoption throughout the software development process in collaboration with engineering teams.
  • Review application and API designs from a security and compliance perspective, providing actionable remediation guidance to developers and QA teams.
  • Lead vulnerability management for applications, prioritizing findings by risk and driving remediation efforts to closure with product and engineering stakeholders.
  • Perform security assessments including penetration testing and code analysis to validate security controls across applications at each release stage.
  • Mentor engineers and junior security team members on secure design principles, threat classification, and security testing methodologies.
  • Evaluate and improve security tooling and processes integrated into CI/CD pipelines to advance DevSecOps maturity across the organization.

5. Required Qualifications

  • Bachelor's degree in Computer Science, Information Systems, Engineering, or equivalent work experience.
  • 5 or more years of application security or security architecture experience, with demonstrated ownership of a security program or roadmap.
  • Working knowledge of application security frameworks such as OWASP SAMM, BSIMM, or the Microsoft Security Development Lifecycle.
  • Proficiency in threat modeling methodologies and the ability to coach engineering teams through structured threat analysis.
  • Solid understanding of authentication, authorization, cryptography, and API security concepts applied at the architecture level.
  • Experience integrating security testing and validation into CI/CD pipelines and software development processes.
  • Familiarity with security and privacy compliance standards such as NIST, ISO 27001, GDPR, or PCI-DSS in a software product context.
  • Strong written and verbal communication skills, with demonstrated ability to present technical risk findings to both engineering and non-technical leadership.

6. Preferred Qualifications

  • Professional security certification such as CISSP, CSSLP, CCSP, or OSCP, providing verified depth in application or cloud security domains.
  • Prior development experience in at least one language, enabling hands-on code review and deeper credibility with engineering teams.
  • Experience securing containerized and cloud-native environments, including workload orchestration, serverless architectures, and multi-cloud deployments.
  • Demonstrated ability to build and present security metrics and threat modeling outputs to senior executives or external stakeholders.

7. Success Metrics & Environment

  • Percentage of application releases cleared through formal security architecture review before production go-live.
  • Mean time to remediate high and critical vulnerabilities identified through internal assessments or penetration testing.
  • Number of threat models completed per quarter, reflecting active coverage of the product portfolio under review.
  • Shift-left adoption rate, measured by the proportion of development teams running automated security checks in their CI/CD pipelines.
  • Security training completion rate among engineering teams coached by this role, tracked per cycle.
  • Typical tools: SAST/DAST platforms (commonly Checkmarx, Veracode, or Burp Suite); threat modeling tools (commonly OWASP Threat Dragon or Microsoft Threat Modeling Tool).

8. Compensation & Benefits (US Market Benchmark)

  • Base Salary Range: $140,000 to $185,000 annually, depending on seniority and location
  • Bonus: 10% to 20% annual performance-based bonus, common at this level
  • Equity: RSUs or stock options offered at most mid-to-large technology employers
  • Health Benefits: Medical, dental, and vision coverage; employer contribution varies by company
  • PTO: 15 to 25 days per year, plus federal holidays and sick leave
  • Common Perks: Remote or hybrid work options, professional certification reimbursement, conference attendance budget


Figures are estimates based on general US market benchmarks and may be outdated. Adjust based on location, company size, and seniority level.

9. EEO & Legal

Employment contingent on successful completion of a background check, which may include criminal history and employment verification as permitted by law. All qualified applicants are considered without regard to race, color, religion, sex, national origin, disability, age, veteran status, or any other characteristic protected under applicable federal, state, or local law. Reasonable accommodations for applicants with disabilities are available throughout the hiring process upon request. Candidates must be authorized to work in the United States without sponsorship.

Application Security Architect Job Description Examples

1. Application Security Architect (Cloud Security Architecture)

Reporting to the ICG Technology Information Security Team, the Application Security Architect leads the design of secure cloud deployment guardrails for internal and public Cloud environments. Partnering with Cloud security domain architects, application development teams, and internal vulnerability assessment teams, the role reduces Internet-borne threats and strengthens compliance with Citi IS standards.


Primary Duties

  • Engage in initial requirements definition, including analysis of threats and risks and alignment with Citi IS and Architecture standards, for internal and public Cloud usage.
  • Work with the enterprise Cloud security team in design and development of security guardrails for secure deployment of applications in internal and public Cloud.
  • Conduct threat modeling and architecture risk analysis for Cloud deployment projects to identify security gaps and recommend remediation actions.
  • Plan the resolution of identified vulnerabilities and govern them for closure.
  • Perform security reviews of applications, including responsibility for driving requirements definition and risk analysis.
  • Facilitate and support threat and architecture reviews, scenario analysis, and red team exercises.
  • Provide SME support to projects and programs and reduce risk by analyzing root causes, their impact, and required corrective actions.


Skills & Qualifications

  • Industry certifications such as CISSP or CCSP, or relevant vendor certifications, are highly preferred.
  • 5+ years of experience as an application security consultant, penetration tester, or security architect, with a focus on secure deployment strategy for Cloud environments.
  • SME-level knowledge of designing and implementing security guardrails for deploying applications in public Cloud environments.
  • In-depth understanding of public Cloud and application architectures and technologies.
  • Thorough understanding of industry and corporate technology standards for Information and Application Security.
  • Strong knowledge of software development and deployment methodologies in public Cloud environments.
  • Strong understanding of information security and risk analysis processes, including threat modeling.

2. Application Security Architect (Product Security)

Sitting at the intersection of cybersecurity and software development, the Application Security Architect leads implementation of security best practices for the Digital Solutions and Water Platform IT business. Operating across IT, R&D, and business unit teams, the role mentors developers on security and privacy and builds practices for security by design, supporting Danaher's cybersecurity initiatives.


Duties

  • Lead the implementation of security best practices and serve as the cybersecurity advisor to IT, R&D, and business unit resources.
  • Mentor developers on designing for security and privacy within applications.
  • Partner with senior leadership and the Danaher cybersecurity team on product security initiatives and best practices.
  • Build practices and procedures to deliver security by design as a core principle in software development.
  • Monitor changes in the cyber threat landscape and incorporate them into product designs, tracking progress of security initiatives and escalating appropriately.
  • Identify and maintain target cybersecurity posture for cloud applications and support incident response planning and execution.
  • Incorporate security validation and vulnerability identification into product development, performing cybersecurity audits, monitoring, and metrics reporting.
  • Define product security direction and roadmap based on industry frameworks supporting business objectives and lead implementation of strategic cybersecurity initiatives.
  • Lead and perform threat modeling to prioritize investments and remediation activities and oversee cyber risk reduction within the product portfolio.
  • Design and lead incident response plans and playbooks and ensure penetration testing, monitoring, and issue resolution.
  • Partner on data privacy compliance of software products and detect, identify, and remediate cybersecurity threats.


Requirements

  • BA or BS degree in Cybersecurity or Computer Science, or equivalent work experience.
  • 3+ years of proven experience in a product security architect role with previous experience as an application developer.
  • Strong knowledge of threat detection, identification, and remediation, as well as cloud and IoT security best practices and relevant frameworks.
  • Experience as a security subject matter expert in a global, matrix organization, with the ability to partner with and influence senior-level cross-functional teams.
  • Ability to drive alignment and trade-off decisions, deal with conflict, manage expectations, and work independently to solve complex problems.
  • Excellent oral and written communication, collaboration, and interpersonal skills.
  • A positive, can-do attitude and openness to a stretch culture environment.

3. Application Security Architect (AWS Application Security)

A key member of the security architecture team, the Application Security Architect builds AWS-specific guidance and software security design standards for development teams. Collaborating across enterprise and security architects, the role performs security design reviews and threat modeling to keep critical systems aligned with OWASP best practices.


Functions

  • Work with security architects and enterprise architects to establish software security design standards.
  • Define AWS-specific guidance and best practices for application security.
  • Perform security design reviews to ensure systems comply with established software design standards.
  • Support new technologies and frameworks by providing security guidelines and solutions to development teams.
  • Provide security guidelines for new technologies and applications in AI and machine learning.
  • Perform comprehensive security assessments including threat modeling for critical assets.
  • Provide SME support to development teams on secure design principles and recommended frameworks.
  • Provide leadership across forums promoting security awareness, recommended solutions, and staying current on new threats, vulnerabilities, and OWASP best practices.
  • Provide web security guidelines and solutions to development teams on authentication, authorization, session management, data protection, encryption, and key management.


Experience & Qualifications

  • Bachelor's degree in Engineering.
  • 8+ years of working experience in cybersecurity, preferably in application security, architecture, or engineering.
  • Strong working knowledge of enterprise software technologies, application security, and infrastructure.
  • Working knowledge of the Microsoft Security Development Lifecycle, OWASP SAMM, or BSIMM.
  • Hands-on experience with encryption techniques and key management.
  • Good understanding of cloud deployment models, preferably AWS.
  • Familiarity with security frameworks such as NIST 800-53, CIS, ISO 27000 series, COBIT, and others.
  • Experience performing threat modeling on web applications.

4. Application Security Architect (Application Security Strategy)

Application security maturity across the enterprise depends on the Application Security Architect, who builds the 3-year application security capability roadmap and identifies security gaps for remediation. Based within Cybersecurity Services, the role partners with IT Architecture and DevSecOps teams and mentors junior security engineers to strengthen the company's network security posture.


Accountabilities

  • Create and drive the application security capability 3-year roadmap within Cybersecurity Services, together with the respective IT stakeholders.
  • Influence change of control policies with Technology Risk Management and build strong partnerships with IT Architecture and DevSecOps partners.
  • Create IT security standards easily consumed by IT stakeholders.
  • Proactively identify application security gaps through discovery and partner with app dev teams for swift remediation.
  • Build application security patterns and designs as part of initiatives to modernize the company network security posture.
  • Evaluate existing application security controls on-premises and in the cloud, identify improvements, and build plans into the application security capability roadmap.
  • Mentor junior security engineers to enhance their security skills within Cybersecurity Services.
  • Maintain professional and technical knowledge by staying current with the evolving security landscape and cybersecurity frameworks.
  • Create white papers and present at industry conferences to demonstrate thought leadership in the security field.
  • Align risk and control processes into day-to-day responsibilities to monitor and mitigate risk, escalating appropriately.


Technical Qualifications

  • Bachelor's degree preferred with at least 7 years of related experience.
  • Strong cybersecurity experience across network, application (web, API), and public and private cloud security architecture, including web application firewalls and containers.
  • Experience in ethical hacking or vulnerability assessment on web apps, mobile, and thick-client applications using fuzzers, scanners, debuggers, and decompilers.
  • Experience performing code review in popular web application programming languages such as Java, JavaScript, C++, Python, and Perl.
  • Familiarity with common web stack technologies (HTTP, REST) and platforms such as AngularJS, Tomcat, .NET, and MS SQL.
  • Understanding of core cryptography concepts, Information Security frameworks (ISO 27001, NIST), and security architecture frameworks.
  • Experience architecting automated data center processes including provisioning, patch management, monitoring, and capacity planning using workflow design and implementation.
  • Experience in OS security (Windows, Linux) and RDBMS preferred.
  • Strong communication skills and the ability to present to large audiences.

5. Application Security Architect (Container & CI/CD Security)

As the Application Security Architect, this role builds threat models and standardizes the risk assessment process across container release platforms and CI/CD pipelines. The security engineering team relies on this work to integrate security architecture standards into Kubernetes and GitOps environments while supporting build and deployment projects.


Activities

  • Build threat models visually and via documentation, and work to standardize the process across the organization.
  • Assist the broader security engineering team to define and integrate security architecture standards.
  • Consult with engineering on challenging security questions.
  • Help design a large-scale transition to CI/CD pipelines and design to security best practices on container release platforms.
  • Review critical applications and their technology stack, leveraging GitOps, container release infrastructure, Kubernetes, and container ecosystems to define point controls.
  • Dig into code to seek deep understanding and help perform risk analysis of new and current build projects.
  • Participate in all manner of team projects including build, deploy, fix, and engineering team support.


Position Requirements

  • Background in container build environments and application security basics, including HTTP Strict Transport Security (HSTS), Content Security Policy (CSP), and OWASP Top 10 exploitation paths and their control mitigations.
  • Demonstrated knowledge of build concepts such as pipelines, runners, and security checks in early lifecycle build.
  • General understanding of old and new development patterns including release cycles, CI/CD, and code check-in and review.
  • Demonstrated experience conceptualizing and thinking about threat assessments and threat modeling in both release cycle and containerized environments.
  • Some development background, including building applications in at least one language, with excellent documentation skills.
  • A guardrail-not-gates mentality that prioritizes collaboration and practical security direction.
  • An insatiable desire to learn and grow.

6. Application Security Architect (Application Security Roadmap)

The Application Security Architect leads the comprehensive application security roadmap, partnering with security, DevOps, and IT architecture teams to evaluate controls against NIST and ISO frameworks. Success in the position means closing security gaps, mentoring junior team members, and advancing a strong security culture across technology teams and the broader organization.


Operational Focus

  • Spearhead a comprehensive application security roadmap, working closely with security, DevOps, and IT architecture teams to ensure efficient implementation.
  • Evaluate application security controls and make recommendations for improvements aligned with standard architecture and InfoSec frameworks such as NIST and ISO.
  • Analyze security posture and identify gaps in existing programming, overseeing appropriate remediation efforts.
  • Serve as an advocate for a strong security culture within technology teams and the larger organization, staying current with industry developments and presenting findings to internal and external stakeholders.
  • Mentor junior members of the application security team.


Knowledge, Skills & Abilities

  • Bachelor's degree in Computer Science or related technical field preferred, with relevant certifications a plus (CISSP, CEH).
  • Minimum of 6 years in a related security role, with previous architecture and security strategy experience preferred.
  • Subject matter expertise in application security and the development of a secure CI/CD pipeline.
  • Prior experience spearheading shift-left initiatives a plus.
  • Hands-on experience with ethical hacking or vulnerability assessment tools including scanners, fuzzers, debuggers, and web application penetration testing.
  • Strong understanding of relevant security frameworks (NIST, ISO) and working familiarity with broader cybersecurity areas including network, cloud, and perimeter security.
  • Familiarity with common coding languages (Python, Java, C++, JavaScript, Perl) and the ability to lead code reviews.

7. Senior Application Security Architect (Application Security Program Maturity)

Embedded within the Cybersecurity organization, the Senior Application Security Architect builds and matures the Application Security program, defining application security standards and security testing standards for the business. Working closely with engineering, operations, and business partners, the role drives the DevSecOps Program framework and advances vulnerability management to strengthen the organization's security posture.


Core Functions

  • Mature the Application Security program and associated processes.
  • Define application security standards and security testing standards.
  • Assist in driving the strategic direction of the DevSecOps Program framework through partnerships with engineering, operations, and the business.
  • Assist in defining KPIs for the Application Security Program and advance program maturity and DevSecOps efficiencies.
  • Perform threat modeling and risk analysis of applications and back-end components.
  • Conduct application security testing, risk analysis reporting, and mitigation plan development.
  • Manage the Application Security Vulnerability Management Program.
  • Provide detailed technical reporting of security assessment results and mitigation strategies.
  • Participate in the evaluation and selection of vendors, security tools, and risk reporting systems.


Qualifications & Experience

  • Bachelor's degree or equivalent experience.
  • 10+ years of relevant experience, including 5+ years in cloud technologies and 5+ years as an application security consultant or security architect.
  • Deep understanding of offensive security and tool capabilities for assessing web apps, mobile apps, APIs, and infrastructure.
  • Strong knowledge of Blockchain and Smart Contract security.
  • Knowledge of OWASP SAMM, BSIMM, and similar Application Security frameworks, with ability to align the AppSec program accordingly.
  • Ability to identify compensating controls and provide practical technical guidance, including threat modeling, security design reviews, penetration testing, and bug bounty handling.
  • Thorough understanding of industry and corporate technology standards for Cybersecurity and Application Security.
  • Advanced analytical, problem-solving, and communication skills.
  • Demonstrated ability to manage multiple projects across cross-functional teams.

8. Application Security Architect (Cloud Threat Modeling)

The Application Security Architect develops and champions threat modeling training, workshops, and collaborative sessions for cloud-based and microservices development teams across the organization. Partnering with multiple development teams, the role designs threat models and security architecture solutions while publishing metrics that track and strengthen the organization's cybersecurity posture.


Key Deliverables

  • Develop and conduct training, workshops, and collaborative sessions related to threat modeling in cloud-based environments.
  • Champion threat modeling practices within development teams, promoting best industry standards and practices.
  • Partner with multiple development teams to gain in-depth knowledge of products in order to design threat models and security architecture solutions.
  • Lead training for development teams related to common vulnerabilities and secure coding practices.
  • Develop and publish meaningful metrics for threat modeling and use them to track improvements to the cybersecurity posture of product teams.
  • Remain current in the latest security technologies, methodologies, and best practices, especially as they relate to threat modeling in cloud and microservices environments.


Professional Experience

  • 5+ years of AppSec or Software Security-related work experience.
  • Expert-level knowledge of threat modeling practices, tools, and techniques.
  • Advanced knowledge of Cloud Security architectures, tools, and best practices.
  • Proficiency in secure software development practices, release planning, testing, and quality assurance (DevSecOps).
  • Familiarity with security and privacy frameworks, standards, and regulations such as GDPR, CCPA, CSA STAR, ISO 27000 series, and NIST.
  • Strong learning ability, self-drive, adaptability, and passion for security.
  • Comfortable leading conversations with both engineers and senior executives.

9. Application Security Architect (Cloud & PCI Security)

The Application Security Architect owns security architecture design reviews and risk assessments across cloud, application, and data security for the organization. Working closely with IT and business leaders, the role aligns application solutions with PCI, SOC, and cloud security best practices to reduce enterprise risk.


Key Responsibilities

  • Perform security architecture design reviews of products.
  • Design, plan, implement, manage, monitor, and upgrade security measures for the protection of the organization's data, systems, and networks.
  • Monitor, detect, investigate, and respond to breaches, including impact analysis and recommendations.
  • Formalize security architecture framework for applications.
  • Develop security architecture, design, and coding standards across cloud, applications, and data security.
  • Identify application and API workflows to ensure enforcement of security architecture.
  • Perform security risk assessments for all proposed application-related changes.
  • Perform code analysis of large applications using SAST and DAST scanning solutions and conduct manual vulnerability analysis.
  • Provide remediation guidance and recommendations to developers and administrators.
  • Engage with IT and business leaders to address complex design considerations to manage risk.
  • Align application solutions with PCI, SOC, and cloud security best practices.
  • Manage implementation and oversight of Data Governance Policy and various security controls across the enterprise.
  • Devise, review, and approve cybersecurity plans, security policies, controls, and cyber incident response planning.
  • Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.
  • Ensure cybersecurity policies and procedures are communicated to all personnel and that compliance is enforced.


Required Qualifications

  • Minimum 6 years of experience working with systems deployed on AWS or any other cloud, with 4+ years in designing security architecture.
  • Familiarity with Java, Docker, and Kubernetes, including securing cloud applications in AWS.
  • Demonstrated experience using DAST and SAST tools and services, with Contrast Security preferred.
  • Knowledge across security architecture, network security, authentication and authorization protocols (Okta preferred), cryptography, and application security.
  • Experience analyzing threats of cloud and application components and implementing security tools into CI/CD processes.
  • Understanding of security by design principles, NIST and PCI frameworks, OWASP.
  • Knowledge of current and emerging security threats and exploitation techniques.
  • Experience securing APIs, web applications, and Web Application Firewalls.
  • Intrinsic understanding of software development life cycles.
  • Excellent oral and written communication skills and proven project leadership abilities.

10. Application Security Architect (Application Risk Analysis)

Reporting to the security leadership team, the Application Security Architect oversees risk analysis and security architecture for new and existing applications, services, and platforms. Partnering with cross-functional product and engineering teams, the role designs and monitors security controls and performs threat modeling to mitigate identified risks.


Role Responsibilities

  • Act as an SME, set up security requirements, define security architecture, and perform risk analysis for products and solutions.
  • Analyze new and existing applications, services, and platforms to identify security risks.
  • Design, propose, improve, and monitor security controls to mitigate identified risks.
  • Perform threat modeling in accordance with defined strategy and policies.
  • Develop and maintain relevant security architecture documentation including strategy, policies, standards, baselines, guidelines, and design patterns.
  • Stay current with the evolving threat landscape.


Minimum Qualifications

  • Recent experience in a security architectural or design role, with experience conducting threat modeling and defining security requirements.
  • Experience with security reference architectures for high-load systems and experience designing and implementing security controls.
  • Solid understanding of common attack vectors, design gaps, and vulnerabilities.
  • Experience securing IaaS, PaaS, and SaaS services, including mobile security for iOS and Android, and securing applications in hybrid and cloud deployments.
  • Current understanding of compliance requirements such as GDPR, PCI-DSS, and SOX.

11. Application Security Architect (Global Delivery Services)

Embedded within the Information Security organization, the Application Security Architect develops security artifacts and requirements for project teams across Global Delivery Services. Working closely with the Security Consulting team, development and operations teams, and project stakeholders, the role performs risk assessment and risk management for applications and infrastructure solutions, influencing due diligence on security controls.


Areas of Ownership

  • Act as a security liaison between development and operations teams and the Information Security organization.
  • Collaborate with the Security Consulting team and project team members.
  • Influence project teams and other stakeholders on security controls and due diligence.
  • Perform risk assessment and risk management for applications and infrastructure solutions.
  • Develop and deliver security artifacts and security requirements to project teams.


Background & Experience

  • Two or more years of technical experience in the development of information systems, with two years of technical or non-technical experience in Information Security.
  • An SSCP or Associate of (ISC)² designation, with SAP experience.
  • Experience in a technical arena such as networking, development, or administration, including experience in a global organization.
  • Knowledge of information security standards, principles, and practices.
  • Understanding of IT risk and familiarity with the OWASP Top 10 application security risks.
  • Application security and some development experience, with an appreciation for technological innovation.
  • Strong organizational and communication skills.
  • Curiosity, initiative, and ability to juggle multiple projects and priorities.

12. Application Security Architect (Cloud & SaaS Security)

Sitting at the intersection of application security and cloud security, the Application Security Architect oversees remediation priorities for the product, R&D, and DevOps teams. Operating across SaaS environments and CI/CD pipelines, the role develops security standards, performs penetration testing, and supports pre-sales security questionnaires for potential customers.


Job Functions

  • Work to obtain the right mandate to ensure products or services are launched with appropriate security controls.
  • Continually monitor security systems and prioritize remediation for the product, R&D, and DevOps teams.
  • Provide security standards, requirements, and guidelines for securing products.
  • Take part in the development lifecycle and integration of security features into all phases of software design and development.
  • Assist with reviewing architecture and design for new products, features, and services.
  • Identify and facilitate remediation of application and cloud security exposures and vulnerabilities, including code reviews, threat modeling, and penetration testing.
  • Research new application security tools and technologies and evaluate options that enhance security capabilities.
  • Perform periodic application-level penetration tests on major features and versions, and coordinate third-party penetration tests and security assessments.
  • Work collaboratively with development teams on secure design and threat modeling, and perform training on Secure-SDLC and secure development.
  • Provide support for pre-sales activities and potential customers' security questionnaires.


Education & Experience

  • CISSP, CISM, CCSP, and OSCP certifications.
  • 3+ years of experience in Application Security or Cloud Security within R&D, with 2+ years in application risk assessments, penetration testing, code review, and SSDLC procedures.
  • Technical background as a developer with experience in secure coding techniques.
  • Experience with cloud technologies, SaaS environments, and microservices architecture, with the ability to design and develop frameworks to secure CI/CD pipelines.
  • Deep understanding of cybersecurity frameworks such as MITRE and OWASP.
  • Deep knowledge in web and application security, and familiarity with threat modeling methodologies such as STRIDE and RRA.
  • Knowledge of security solutions including web application firewalls, DB firewalls, vulnerability scanners, and RASP, DAST, and SAST solutions, as well as CI tools and methodologies.
  • Excellent English communication skills, both verbal and written.

13. Application Security Architect (Cloud & VoIP Product Security)

A key member of Mitel's product security team, the Application Security Architect develops security solution designs based on industry best practices and compliance requirements. Collaborating across R&D, DevOps, and product line management, the role reviews architecture for security and privacy compliance and supports product security incident response.


What You'll Do

  • Generate security solution designs based on in-depth knowledge of industry best practices, evolving technologies, and compliance requirements.
  • Analyze current products and services, assess implementation complexity for new controls, recommend adoption strategy, and work with PLM and development teams to drive iterative improvements.
  • Act as a security architecture and technology expert resource to support product teams implementing security requirements in upcoming releases.
  • Review product, service, and operations architectures and designs from a security and privacy compliance perspective.
  • Identify best practices in secure software development and champion process improvements within Agile and DevOps development methodologies.
  • Participate in advanced customer engagements providing security technical guidance within a customer-centric context.
  • Provide technical assistance to product security incident responses, working with development teams and potentially interacting directly with reporting security researchers.


Required Qualifications

  • Relevant Engineering or Computer Science degree, or equivalent technical experience.
  • Professional security certification such as CSSLP.
  • Minimum 9 years of experience including architecture and software development roles.
  • Broad expertise across multiple products and technologies, including knowledge of GCP containers, AWS serverless security frameworks, and VoIP, communications, and collaboration applications.
  • Security expertise in applying security concepts and technologies to product architecture and software development.
  • Experience with regulatory and industry compliance requirements such as GDPR, PCI, HIPAA, and FIPS.
  • Experience engaging with both technical development teams and non-technical stakeholders.
  • Good written and spoken English communication skills.

14. Application Security Architect (Security Consulting)

Application security across customer projects depends on the Application Security Architect, who oversees security audits covering architecture, implementation, and code review. Serving as a security advisor to development teams, BAs, and QAs, the role refines secure development activities throughout the SDLC and supports pre-sales security estimations.


Day-to-Day Responsibilities

  • Perform security audits for ongoing projects, covering architecture, implementation, and code review.
  • Contribute to building secure architecture and design for new projects or correcting existing ones.
  • Work as a security advisor, helping to establish secure development activities in SDLC end-to-end.
  • Perform security training for development teams.
  • Communicate with customers and teams to convey the importance of security, the ways of establishing it, and the wrong ways of enforcing it.
  • Communicate with all sub-teams including BAs, developers, and QAs, building consistent understanding of security requirements, main threats, and implemented mitigations.
  • Coordinate work with other security teams including infrastructure security experts and penetration testers.
  • Work as a consultant answering questions related to security in development, and support pre-sales activities, ensuring security is addressed in budget and effort estimations.


Qualifications & Experience

  • Knowledge of at least one security development methodology such as Microsoft SDL or OWASP CLASP.
  • Knowledge of main security-related activities in development such as risk and privacy assessment, threat modeling, and security code review.
  • Deep understanding of the nature and classification of security threats, including common implementations such as XSS, SQL Injection, XSRF, buffer overruns, brute force, rainbow tables, and DoS.
  • Understanding of main security principles, areas of protection, levels of defense, and mitigation mechanisms for each threat type.
  • Good knowledge of security features and mechanisms provided by at least one OS and one development platform or technology such as Java or .NET.
  • Familiarity with security standards such as PCI DSS, HIPAA, NIST, and Common Criteria, and the tools for static code analysis, penetration testing, and intrusion detection.
  • Understanding of basic principles of infrastructure security and penetration testing and ability to use relevant tools.

15. Application Security Architect (PCI Compliance & Cloud Security)

As the Application Security Architect, this role advances secure design, build, operation, and assessment across the Financial Instance Issuance Managed Service Operations and Cloud product. The Security Architecture team relies on this work to maintain PCI compliance and to guide architecture leadership across business, product management, DevOps, IT, and OT teams.


Scope of Work

  • Support the Security Architecture team with responsibility for enterprise security architecture, strategy, and roadmap prioritization.
  • Architect and design security solutions that enforce security consistently across internally developed, COTS, and cloud-based applications.
  • Perform security architecture reviews for COTS and internally developed projects supporting safe and compliant production go-live.
  • Participate in design reviews and provide design support to development teams as needed.
  • Develop and evangelize application security policy, standards, and guidelines.
  • Identify and promote design architecture patterns and anti-patterns that support initiatives across the enterprise.
  • Assess varied SDLC processes and promote adoption of secure SDLC practices, including procedures to automate security tasks during code builds, testing, and deployments.
  • Analyze information security systems and applications, recommend security measures, and evaluate new and emerging security technologies.
  • Explain and demonstrate vulnerabilities to developers and QE teams, providing remediation recommendations and requirements for identified application and system vulnerabilities.
  • Lead secure integration design with platforms such as Splunk, ArcSight, Threat Analytics, and UEBA, while working with SOC and TVM teams.
  • Support and conduct penetration testing and white box and black box security testing of internally developed applications.
  • Respond to, resolve, or escalate security incidents, report unresolved exposures and noncompliance, and mentor junior and cross-functional team members.


Skills & Qualifications

  • Bachelor's Degree in Computer Science, Information Systems, or a related discipline, or equivalent work experience.
  • Industry-recognized security certifications such as CISSP, CISM, or GIAC.
  • 5+ years of development and architecture experience.
  • Hands-on knowledge of identity, authentication, and authorization standards including SAML, OAuth 2, OpenID Connect, SCIM, XACML, IDaaS, IAM/G, LDAP, and RADIUS.
  • Hands-on and design experience with AWS IaaS and PaaS services, SQL databases, REST, application servers, load balancers, NodeJS, AWS Lambda, proxies, and key management systems.
  • Security architecture and detailed design skills for infrastructure components including network, security, server, storage, backup, virtualization, and public cloud platforms.
  • Knowledge and experience with security attack patterns, threats, vulnerabilities, and risk management processes, including experience with PCI frameworks and audit engagements.

16. Application Security Architect (Embedded & Cloud Security)

The Application Security Architect refines code-level security for Attabotics products across embedded, on-premise, and cloud solutions, reporting to the Director of Software Solutions. Success in the position means owning vulnerability remediation, evolving the security architecture, and partnering with Engineering teams to balance complexity, performance, and risk.


Work Activities

  • Review the state of codebases, pipelines, release gates, and servicing methodologies, and evolve the security architecture for embedded, cloud-based, and on-premise software.
  • Lead security reviews and risk assessments for all software on an ongoing basis, and develop a roadmap for addressing security technical debt and then maintaining a stay-safe posture.
  • Drive progress on the security roadmap with stakeholders through a unified dashboard to hold all parties accountable.
  • Define and reinforce secure coding practices throughout the SDLC and drive adoption of standardized methodologies, libraries, and tools.
  • Provide expert advice and coaching to engineering teams and leadership, guiding teams in new feature security reviews and threat modeling.
  • Conduct internal penetration testing and security scanning using appropriate tools and work with third-party security assessment and penetration testing vendors as needed.
  • Provide solutions to remediate security flaws and facilitate rapid corrective action for high-impacting issues.
  • Partner with Engineering and QA teams to ensure security testing objectives are met and security best practices are adopted in testing, automation, and CI/CD pipelines.
  • Document compliance with regulatory guidelines, author externally facing security communications, and stay current on emerging security threats and controls.


Requirements

  • Bachelor's Degree in Computer Science or related field, or equivalent industry experience.
  • 5+ years of experience in a Security Engineering role with a specific focus on vulnerability management and secure coding.
  • Thorough understanding of software security vulnerabilities, including OWASP Top 10.
  • Solid understanding of application and database security concepts around authentication, authorization, session management, configuration management, data handling, and cryptography.
  • Ability to assess vulnerabilities associated with Linux and Windows operating systems, cloud provider ecosystems (Azure, AWS, GCP), open-source components, Docker, and Kubernetes.
  • Familiarity with cybersecurity frameworks and regulations such as NIST, CIS, ISO 27001 and 27002, and EU GDPR.
  • Prior experience in threat modeling with the ability to coach others, and experience in domain-driven design decisions and trade-offs.
  • Prior development experience in languages such as C# (preferred), C, C++, JavaScript, TypeScript, or Python, with Rust experience a plus.
  • Proficiency with Azure DevOps and strong understanding of networking.
  • Excellent written and verbal communication skills.

Editorial Process and Content Quality

This content is developed by the Lamwork Editorial Team using structured analysis of real-world job data, skill requirements, and hiring patterns.

Research framework by Lam Nguyen, Founder & Editorial Lead.

Reviewed by Thanh Huyen, Managing Editor.
