Application Security Architect

We are seeking a highly skilled and forward-thinking Application Security Architect to lead the integration of security into our software development lifecycle. The ideal candidate will have a deep understanding of secure coding practices, CI/CD pipeline security, and modern application architecture. This role is essential for partnering with our development, engineering, and DevOps teams to build a culture of security and to ensure our applications are secure by design. The Application Security Architect will also play a key role in aligning security initiatives with business goals, performing threat modeling exercises, and reducing application risk throughout the SDLC.

WHAT YOU'LL DO:

• Secure SDLC Leadership:
- Collaborate with development, engineering, and DevOps teams to embed security practices and controls at every stage of the development process.- Develop and enforce secure coding standards and provide guidance to development teams.- Establish and measure KPIs and metrics to track the effectiveness of secure development practices
• DevSecOps and Pipeline Security:
- Integrate and automate security testing tools (SAST, DAST, IAST, SCA) into the CI/CD pipeline to provide continuous security feedback.- Evaluate and implement runtime protection solutions such as RASP or CSPM tools to enhance production-layer visibility and control.- Champion "shift-left" security principles to identify and remediate vulnerabilities early in the development process.- Work with DevOps to secure containerized environments and orchestration platforms (e.g., Docker, Kubernetes).- Evaluate and maintain secure secrets management and identity integration within CI/CD workflows.- Define and maintain logging and alerting strategies for application-layer threats using SIEM or monitoring tools.- Support blue/green deployments and canary testing from a security perspective.
• Security Architecture and Design:
- Conduct security architecture reviews for new and existing applications, providing actionable recommendations to mitigate risks.- Develop and maintain security architecture standards and patterns for web, and mobile applications.- Evaluate and design API security strategies, including OAuth2, OpenID Connect, and rate limiting.- Lead the modernization of legacy application security architectures to align with current best practices.- Perform threat modeling and risk assessments for new features and product lines.- Evaluate and secure modern workloads such as serverless applications, infrastructure-as-code deployments, and ephemeral compute environments.
• Collaboration and Enablement:
- Serve as the primary security advisor for development and engineering teams on all application security matters.- Influence and drive security strategy across product lines, working closely with product management, compliance, and business stakeholders- Create and deliver security training and awareness programs to foster a security-first mindset among developers.- Develop and maintain security documentation, including architecture diagrams, security requirements, and best practice guides.- Act as a security evangelist, representing WorkWave at industry events, communities, and internal leadership meetings.- Familiarity with securing AI/ML pipelines or privacy concerns related to ML-driven features is a plus.

WHAT YOU'LL BRING:

• Education:
- Bachelor’s degree in Computer Science, Information Security, or a related field.- Industry certifications such as CISSP, CWAPT/CASS, CISM, CISA, or related are highly desirable
• Experience:
- 10+ years of experience in application security, with a proven track record of architecting and implementing secure development practices.- 3+ years of experience as a developer- Experience aligning security controls with data protection regulations (e.g., GDPR, HIPAA, CCPA) is a plus.- Extensive experience with DevSecOps and securing CI/CD pipelines.- Extensive experience with secure coding requirements like OWASP ASVS. - Hands-on experience with a variety of application security tools (e.g., SAST, DAST, SCA, IAST).- Strong background in application architecture, including microservices, APIs, and cloud-native technologies.- Experience with compliance frameworks such as PCI DSS, SOC 2, and ISO 27001.- Familiarity with threat modeling methodologies (e.g., STRIDE, PASTA, OCTAVE) is desirable
• Skills and Competencies:
- In-depth knowledge of secure coding principles, cryptography, and common application vulnerabilities (e.g., OWASP Top 10, NIST, GDPR).- Proficiency in scripting or programming languages (e.g., Python, Go, Java,TypeScript, Node.js).- Strong understanding of cloud security principles and experience with AWS (preferred) or Azure.- Strong understanding of IaC: Terraform, CloudFormation- Strong understanding of Secrets: Vault, AWS Secrets Manager- Strong understanding of Container Security: Trivy, Aqua, Anchore- Excellent analytical, problem-solving, and communication skills, with the ability to influence and lead cross-functional teams.- Ability to work independently and strategically to drive security initiatives forward.

WHAT DOES SUCCESS LOOK LIKE?

• Reduced time to remediate critical vulnerabilities through CI/CD automation
• Achieved 90%+ developer adoption of secure coding practices
• Designed reusable security patterns for APIs, identity, and secrets
• Built and scaled an application threat modeling program

WHAT YOU SHOULD KNOW ABOUT US: • We are laid back but buttoned up. We offer a casual work environment and remote work flexibility and have a passion for developing creative, innovative best in class solutions that directly contribute to the success of our customers• We care deeply and deliver service and solutions that make a real difference in the lives of our clients and their businesses• We openly accept others as they are and build strong partnerships based on trust• Teamwork and collaboration is key to help our colleagues and customers solve their challenges• Our team is energetic, fun, naturally inquisitive and eager to make an impact, we invite you to join us! LOVE WHAT YOU DO, NO MATTER WHERE YOU DO IT: • Join our Remote-First Global Work Community: WorkWave provides an innovative and dynamic remote-first Global Work Community that encourages growth, creativity, and collaboration. No matter what stage of your career or where you live, WorkWave is your place to be part of a global company with a startup feel, where your ideas matter and your growth is a priority. A GLOBAL COMPANY WITH A LOCAL PRESENCE: • We know that there are benefits of being in the office and working from home. WorkWave promotes a healthy work/life balance and provides employees with the flexibility of collaborating in the office or the option to work virtually if desired. Our teams are well versed at working collaboratively in a fully virtual environment. • Our HQ is based at our state of the art home office in the historic Bell Works complex located in Holmdel Township, New Jersey. We keep our offices available to all to use when working remotely isn’t feasible, or to help with cross training, team building and/or brainstorming. • We have employees in over 30 states, 7 countries and many regional offices - each with their own set of perks and opportunities to give back to the local community. • Whether you work remotely or take advantage of one of our offices, you’ll find a community of WorkWavers that value diversity, and care deeply about our products, clients, our communities and each other.RELAX, WE'VE GOT YOU COVERED: • Employees can expect a robust benefits package, including health and dental and 401k with company matchAND BEYOND...• Find your perfect work/life balance with our Flexible Time Off policy or generous PTO plan (role dependent) and paid holidays• Up to 4 weeks paid bonding leave• Tuition reimbursement• Robust Employee Assistance Program through TotalCare offering free counseling 24/7/365, plus financial counseling, legal guidance, adoption assistance services and much more!• 24/7 access to virtual medical care with Teladoc• Quarterly awards based on peer nominations• Regional discounts and perks• Opportunities to participate in charitable events and give back to the community GROW WITH US: • We understand the impact of attracting and keeping top talent and reward intellectual curiosity and a thirst for personal and professional growth• Encouraging our employees that already have an intimate knowledge of and passion for our products to apply for other roles within our walls just makes sense!• Our employees have access to extensive video libraries for soft skill and role specific training available 24/7 and live trainings are provided throughout the year JOIN OUR WINNING TEAM! • 10 Time winner of Best Place to Work in New Jersey by NJBiz!• WorkWave has been recognized with multiple awards for its outstanding products, growth and culture, including the Inc. 5000, SaaS Award, IT World Awards, Globe Awards, Silver Stevie Award for Employer of the Year, and Best Place to Work Inc. Magazine• Recently named one of The Software Report's 3rd annual list of the Top 100 Software Companies of 2022 (worldwide!) We’re an equal opportunity employer. All applicants will be considered for employment without attention to race, color, age, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status: Don't meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At WorkWave, we are dedicated to building a diverse, inclusive and authentic workplace, so if you feel like you could make a great impact in this role but your past experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may just be the right candidate for this or other roles!WorkWave supports salary transparency, however please note that salary estimates provided by websites (LinkedIn, Glassdoor, etc.) and not by WorkWave may not accurately reflect the actual salary range for the position.

Originally posted on Himalayas

Apply To this Job