Application Security Architect

ServiceLink is modernizing the mortgage services industry through AI‑accelerated engineering, intelligent automation, and next‑generation software delivery practices. We empower the nation’s top lenders and financial institutions with advanced technology, data‑driven insights, and high‑velocity product development models.

We’re not just evolving legacy workflows - we’re redefining how software is designed, built, tested, and deployed. Generative AI, autonomous systems, and continuous delivery are core to how we operate. Innovation isn’t optional here - it’s the expectation.

If you’re passionate about transforming engineering organizations and operationalizing AI‑driven development models at enterprise scale, you’ll thrive at ServiceLink.

About the Role

We need a builder‑leader who combines strong architecture judgment with hands‑on execution. This role owns the secure architecture direction for a large, cloud‑native financial services platform on Azure handling sensitive customer data and is expected to personally implement key controls while leading others to scale.

Success means reducing real risk in production systems through shipped controls, faster secure delivery, and measurable coverage improvements.

• 50% hands‑on engineering: build reference implementations, improve pipelines, validate controls in real services
• 30% technical leadership: architecture decisions, threat modeling, secure design reviews, backlog direction
• 20% enablement and communication: standards, coaching, leadership reporting, audit‑ready evidence

Outcomes You Own

• Secure‑by‑default patterns are adopted across .NET, Python, and SPA services
• High‑risk authN/authZ and PII exposure paths are identified and remediated
• Identity‑first service‑to‑service architecture is operationalized (managed identities, token patterns, least privilege)
• Security testing and policy checks are integrated into CI/CD with clear ownership and SLAs
• Security posture is measurable with trendable metrics, not one‑time reports

What You'll Do

• Build and publish production‑ready security reference architectures and reusable templates
• Lead threat modeling and design reviews for new and materially changed services
• Own RBAC and authorization architecture, including endpoint‑to‑data classification and least‑privilege mapping
• Design and drive managed identity adoption for SQL, Cosmos DB, and service‑to‑service communication
• Implement container and Kubernetes hardening controls, including image trust, patch cadence, and egress guardrails
• Evaluate and tune SAST, SCA, DAST, IaC, container, and secret scanning against real codebases and deployment patterns
• Define AI/LLM security guardrails, including prompt‑injection defenses, model/data access controls, and safe‑use patterns for engineering teams
• Lead chaos engineering exercises to validate security controls and resilience under failure and attack scenarios
• Define risk‑based security gates in Azure DevOps and partner with engineering on pragmatic exception handling
• Convert third‑party pen test and internal findings into durable engineering fixes and regression checks
• Mentor engineers and junior security staff through design pairing, code review, and incident retrospectives
• Present architecture decisions, risks, and remediation progress to technical and executive stakeholders
• Publish a target‑state application security architecture with prioritized implementation roadmap
• Deliver two reference implementations (one API service, one data‑access service) showing secure patterns end‑to‑end
• Stand up baseline threat‑model workflow for all tier‑1 services with tracked remediation outcomes
• Define and launch security scorecard metrics (coverage, MTTR, policy exceptions, high‑risk exposure trends)
• Complete toolchain fit assessment with keep/replace recommendations and rollout plan

Must‑Have Qualifications

• 7+ years in application security, security engineering, or software engineering with significant security architecture ownership
• Proven delivery in cloud‑native Azure environments (AKS, App Services, Entra ID, Managed Identities)
• Deep experience with microservice/API security, authentication/authorization, secrets management, and data protection
• Strong practical threat modeling and secure design review experience tied to shipped outcomes
• Hands‑on experience integrating security controls into CI/CD workflows (Azure DevOps preferred)
• Ability to code and review implementation quality in at least one major backend stack (.NET or Python preferred)
• Demonstrated ability to drive cross‑team adoption, resolve trade‑offs, and deliver under business constraints

Nice‑to‑Have Qualifications

• Financial services or similarly regulated environment experience
• Kubernetes network policy and runtime hardening depth
• Experience building security metrics programs and engineering SLAs
• Background partnering with offensive security and incident response teams

What Good Looks Like (12 Months)

• Material reduction in overall findings
• Consistent security controls across new services by default, with fewer one‑off exceptions
• Clear, trusted security metrics used in engineering and leadership planning

Equal Opportunity Employer

ServiceLink, its affiliates, and subsidiaries are Equal Opportunity Employers. All qualified applicants will receive consideration without regard to race, color, religion, sex, age, disability, protected veteran status, national origin, sexual orientation, gender identity or expression, genetic information, or any other protected characteristic.