Application Security Architect

WorkWave
Summary
Join WorkWave as an Application Security Architect to lead the integration of security into the software development lifecycle. Collaborate with development, engineering, and DevOps teams to embed security practices and controls throughout the development process. Develop and enforce secure coding standards, integrate security testing tools into the CI/CD pipeline, and conduct security architecture reviews. Perform threat modeling and risk assessments, and serve as the primary security advisor for development and engineering teams. Create and deliver security training programs, and maintain security documentation. The ideal candidate will have 10+ years of experience in application security, a deep understanding of secure coding practices, and experience with DevSecOps and securing CI/CD pipelines.
Requirements
- Bachelor's degree in Computer Science, Information Security, or a related field
- 10+ years of experience in application security, with a proven track record of architecting and implementing secure development practices
- 3+ years of experience as a developer
- Extensive experience with DevSecOps and securing CI/CD pipelines
- Extensive experience with secure coding requirements like OWASP ASVS
- Hands-on experience with a variety of application security tools (e.g., SAST, DAST, SCA, IAST)
- Strong background in application architecture, including microservices, APIs, and cloud-native technologies
- Experience with compliance frameworks such as PCI DSS, SOC 2, and ISO 27001
- In-depth knowledge of secure coding principles, cryptography, and common application vulnerabilities (e.g., OWASP Top 10, NIST, GDPR)
- Proficiency in scripting or programming languages (e.g., Python, Go, Java, TypeScript, Node.js)
- Strong understanding of cloud security principles and experience with AWS (preferred) or Azure
- Strong understanding of IaC: Terraform, CloudFormation
- Strong understanding of Secrets: Vault, AWS Secrets Manager
- Strong understanding of Container Security: Trivy, Aqua, Anchore
- Excellent analytical, problem-solving, and communication skills, with the ability to influence and lead cross-functional teams
- Ability to work independently and strategically to drive security initiatives forward
Responsibilities
- Collaborate with development, engineering, and DevOps teams to embed security practices and controls at every stage of the development process
- Develop and enforce secure coding standards and provide guidance to development teams
- Establish and measure KPIs and metrics to track the effectiveness of secure development practices
- Integrate and automate security testing tools (SAST, DAST, IAST, SCA) into the CI/CD pipeline to provide continuous security feedback
- Evaluate and implement runtime protection solutions such as RASP or CSPM tools to enhance production-layer visibility and control
- Champion "shift-left" security principles to identify and remediate vulnerabilities early in the development process
- Work with DevOps to secure containerized environments and orchestration platforms (e.g., Docker, Kubernetes)
- Evaluate and maintain secure secrets management and identity integration within CI/CD workflows
- Define and maintain logging and alerting strategies for application-layer threats using SIEM or monitoring tools
- Support blue/green deployments and canary testing from a security perspective
- Conduct security architecture reviews for new and existing applications, providing actionable recommendations to mitigate risks
- Develop and maintain security architecture standards and patterns for web and mobile applications
- Evaluate and design API security strategies, including OAuth2, OpenID Connect, and rate limiting
- Lead the modernization of legacy application security architectures to align with current best practices
- Perform threat modeling and risk assessments for new features and product lines
- Evaluate and secure modern workloads such as serverless applications, infrastructure-as-code deployments, and ephemeral compute environments
- Serve as the primary security advisor for development and engineering teams on all application security matters
- Influence and drive security strategy across product lines, working closely with product management, compliance, and business stakeholders
- Create and deliver security training and awareness programs to foster a security-first mindset among developers
- Develop and maintain security documentation, including architecture diagrams, security requirements, and best practice guides
- Act as a security evangelist, representing WorkWave at industry events, communities, and internal leadership meetings
Preferred Qualifications
- Industry certifications such as CISSP, CWAPT/CASS, CISM, CISA, or related are highly desirable
- Experience aligning security controls with data protection regulations (e.g., GDPR, HIPAA, CCPA) is a plus
- Familiarity with threat modeling methodologies (e.g., STRIDE, PASTA, OCTAVE) is desirable
- Familiarity with securing AI/ML pipelines or privacy concerns related to ML-driven features is a plus
Benefits
- Health and dental
- 401k with company match
- Flexible Time Off policy or generous PTO plan (role dependent)
- Paid holidays
- Up to 4 weeks paid bonding leave
- Tuition reimbursement
- Robust Employee Assistance Program through TotalCare offering free counseling 24/7/365, plus financial counseling, legal guidance, adoption assistance services and much more!
- 24/7 access to virtual medical care with Teladoc
- Quarterly awards based on peer nominations
- Regional discounts and perks
- Opportunities to participate in charitable events and give back to the community
- Remote work flexibility
