Senior Application Security Architect

Job not on LinkedIn

🔥 0 minutes ago

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

EXL

WebsiteLinkedInAll Job Openings

10,000+ employees

💰 $2M Venture Round on 2015-01

Choosing a digital partner is about more than capabilities — it’s about collaboration and character.

📋 Description

• Serve as the security architecture authority within the architecture organization, partnering with product architects, principal engineers, cloud partners (AWS, Azure, GCP), and business leaders to embed secure-by-design principles into hardware appliances, multi-tenant SaaS platforms, and globally distributed cloud infrastructure. • Coach and support developers in writing secure code, including secure patterns, common vulnerability classes, and secure use of frameworks and libraries. • Provide timely consulting on “how to do it right” (architecture, implementation details, and operational considerations) and help teams choose secure-by-default approaches. • Triage findings from SAST, SCA, DAST, container and IaC scanning; investigate, validate, and resolve false positives; and help teams prioritize true risk. • Partner with teams to tune security tools, reduce noise, and improve signal quality (rules, suppressions, baselines, and exception processes) while maintaining strong security posture. • Drive adoption of CNAPP, CWPP, WAF, service mesh security, API gateways, SIEM/SOAR, and cloud-native telemetry for protective monitoring, runtime defense, and incident-ready detection. • Conduct Secure by Design reviews for new applications and material changes to existing applications, validating security requirements and design decisions early. • Lead and facilitate threat modeling workshops; identify abuse cases, trust boundaries, and attack paths; and document mitigations and residual risk. • Review authentication/authorization design, data flows, secrets handling, logging/monitoring, and resiliency controls to ensure secure architectures. • Provide clear, actionable recommendations and track follow-through with engineering teams. • Translate regulatory and compliance requirements (FedRAMP, SOC2, ISO 27001, NIST SP 800-53, CSA CCM, SOX) into actionable, measurable, and auditable security architecture control objectives—shifting from audit-driven to architecture-driven alignment.

🎯 Requirements

• 8+ years related IT experience; 5+ years' experience in security application tools • 6+ years' experience in application security reviews of new architecture; 5 + years of experience with public and hybrid cloud (AWS, Azure and GCP) environments. • Strong software development background with the ability to read, understand, and advise on production code and design decisions. • Demonstrated expertise in threat modeling and secure architecture review for modern web and API-based applications. • Expertise securing CI/CD and SDLC processes (pipeline security, secrets management, artifact integrity, build/release controls, and automation). • Experience with application security tooling and processes, including managing findings and resolving false positives (SAST/SCA/DAST and related scanning in pipelines). • Working knowledge of AI/ML security risks and mitigations for applications that use ML models or GenAI components. • Strong collaborative and consulting skills ability to influence without authority, communicate clearly, and deliver pragmatic, developer-friendly recommendations.