Application Security Architect

Responsibilities The Application Security Architect partners with software development, platform, cybersecurity, and cloud engineering teams to embed security throughout the modern software development lifecycle (SDLC). The role focuses on secure‑by‑design practices, DevSecOps strategy, roadmap and enablement, and risk‑based vulnerability management across internally developed, third‑party, SaaS, and cloud‑native applications. The AppSec Architect serves as the strategic owner of the Application Security Roadmap, defines target‑state AppSec maturity aligned to business growth, and prioritizes AppSec investments and tooling rationalization. The role serves as a trusted advisor to development teams and the key contributor to the organization’s overall Secure Software Development Program. Key Responsibilities Embed application security controls into CI/CD pipelines, including automated SAST, DAST, IAST, SCA, secrets detection, and IaC scanning. Establish standardized security controls across platforms. Design exceptions and compensating controls. Partner with development teams to implement shift‑left security while maintaining delivery velocity. Define and maintain secure coding standards, security design patterns, and reference architectures. Participate in architecture and design reviews, including threat modeling for new applications and major changes. Perform research and development (R&D) into existing processes and tooling opportunities. Application & Cloud Security Assessment Identify and assess security risks in web, mobile, API, SaaS, and cloud‑native applications developed internally or by third parties. Perform or coordinate: Source code reviews (manual and automated) Application vulnerability assessments and penetration tests API and microservices security testing & analysis Cloud configuration and IaC security reviews Validate findings, reduce false positives, and prioritize remediation based on business risk. Establish reusable security architecture patterns for cloud‑native and distributed systems. Vulnerability & Risk Management Manage application security findings through a centralized vulnerability or risk management platform. Work with development teams to define practical, risk‑based remediation guidance. Track remediation progress, verify fixes, and support exception/risk acceptance processes. Contribute to application security metrics, KPIs, and executive‑level reporting. Translate technical debt and vulnerabilities into business risk and exposure. Open Source & Supply Chain Security Assess and manage risks related to open‑source dependencies, libraries, and third‑party components. Support Software Composition Analysis (SCA) and software supply chain security initiatives (e.g., dependency hygiene, SBOMs). Evaluate security posture of third‑party applications and vendors in collaboration with risk management team. Verify compliance with third‑party component licensing models. Software Compliance Lead software compliance activities related to application vulnerabilities, data exposure, or insecure design. Support application‑related forensic analysis and root‑cause investigations. Assist with compliance and assurance activities related to secure development (e.g., NIST, ISO, SOC, internal audits). Enablement & Education Develop and deliver application security training for developers and cybersecurity teams. Provide hands‑on guidance and documentation to improve developer security maturity. Act as a security champion advocate, helping teams make informed security decisions. Required Education, Experience, and Skills High School Diploma/GED Required. Bachelor’s Degree (Technical Degree Preferred) and 6 Years Relevant Experience OR 8 Years Relevant Experience. 1–2+ years of combined experience across software engineering, platform/cloud engineering, application security, & DevSecOps / SRE with strong cybersecurity ownership preferred. 5+ years in hands‑on software engineering or platform/cloud engineering preferred. 7+ years in application security, DevSecOps, or secure architecture preferred. Strong understanding of modern SDLCs, Agile, and CI/CD practices. Hands‑on experience with at least one major programming language (e.g., Java, C#, Python, JavaScript). Practical knowledge of: Web, mobile, and API security Authentication and authorization models (OAuth2, OIDC, JWT, SAML) OWASP Top 10 and API Top 10 Familiarity with cloud platforms (AWS, Azure, and/or OCI) and cloud‑native services. Working knowledge of networking fundamentals, encryption, and secure communications. Excellent written and verbal communication skills, with the ability to translate security risk into business impact. Preferred / Beneficial Qualifications Experience with application security tools such as SAST, DAST, IAST, SCA, secrets scanning, or IaC security platforms. Experience securing containers, Docker, and serverless workloads. Knowledge of Infrastructure as Code frameworks (e.g., Terraform, CloudFormation). Familiarity with threat modeling frameworks (e.g., STRIDE). Security or development certifications such as: CSSLP, CISSP, GWAPT, GWEB, OSWE, or equivalent. Cloud security certifications (AWS, Azure, or GCP). Behavioral & Professional Expectations Strong collaboration skills; ability to influence without authority. Comfortable balancing security risk with business and delivery priorities. Highly organized, detail‑oriented, and self‑directed. Customer‑service mindset toward internal development teams. Ability to remain effective in fast‑paced, evolving technical environments. Commitment to confidentiality, ethical conduct, and continuous improvement. Additional Information Travel: 0–25% (as needed). Work hours may occasionally include non‑standard hours to support critical releases or incidents. Job level and scope may be adjusted based on experience and qualifications. Experience Level Adjustment Should the selected candidate meet the qualifications of a more experienced level in the career path, the job level may be adjusted. Benefits Medical, Dental, Vision and Prescription Drug Program Retirement 401(k) Traditional or Roth Program Options with Company Match Vacation and Holidays Parental Leave Short Term and Long Term Disability Leave Flexible Spending Accounts Tuition Assistance Program Employee Assistance and Mental Health/Substance Abuse Program Life Insurance, Accidental Death and Dismemberment Insurance Supplemental Insurance including Hospital Indemnity, Critical Illness and Accident Insurance Additional Wellness Programs and Rewards Available EEO Statement Altec Industries, Inc. and its affiliates are equal opportunity employers and maintain affirmative action plans to recruit, retain, develop, and promote qualified individuals without unlawful consideration of race, gender, color, religion, sexual orientation, gender identity, national origin, age, disability, citizenship status, veteran status, or any other characteristic protected by federal, state or local law. Altec strives to maintain a work environment free from unlawful discrimination and harassment, where associates are treated with respect and dignity. #J-18808-Ljbffr Altec Industries