Senior Application Security Architect
Job Description
[Up to c. $1,200 per day | Contract | Remote Working - *NYC Location Preferred]
Role Overview
We’re supporting a large, globally distributed financial institution undergoing a significant technology modernisation programme, including cloud migration and application transformation at scale. As part of this journey, the organisation is strengthening its application security architecture capability with a senior, contract-based architect who can provide deep technical leadership across complex application estates. This role is firmly hands-on and advisory, sitting above day-to-day delivery but close enough to engineering to influence real outcomes. You’ll shape application security patterns, guide secure-by-design decisions, and act as a trusted technical authority for development, platform, and transformation teams operating across regions...
Key Responsibilities
- Lead security architecture reviews across enterprise applications, APIs, and digital platforms, with a strong focus on cloud migration initiatives
- Define and evolve application security reference architectures, patterns, and guardrails that can be reused consistently across programmes
- Provide technical direction to delivery teams, ensuring security requirements are embedded early in application and platform design
- Perform and facilitate application threat modelling exercises, translating risk into practical, proportionate security controls
- Partner closely with software engineers, solution architects, DevSecOps teams, and infrastructure groups to identify and mitigate application-layer risks
- Establish and maintain application security standards covering APIs, microservices, cloud-native workloads, and integration patterns
- Advise on the selection and use of application security tooling, including testing, protection, and secrets management technologies
- Assess applications for security weaknesses and provide clear remediation guidance aligned with enterprise risk appetite
- Track emerging application security threats and industry practices, feeding insights back into architecture and standards
What You’ll Bring…
- 8+ years’ experience across information security, with 5+ years operating specifically at an application security architecture level
- Proven background designing and applying enterprise-scale application security architectures in complex organisations
- Strong expertise in API security, modern application patterns, and distributed system design
- Hands-on experience supporting digital transformation programmes, including DevSecOps, microservices, and cloud-native architectures
- Deep understanding of web and application-layer risks, including OWASP Top 10 and common exploitation paths
- Practical experience with application security tooling such as SAST, DAST, penetration testing platforms, WAFs, and secrets/certificate management
- Strong grasp of security architecture principles including defence-in-depth, least privilege, and secure-by-design
- Ability to assess current-state vs future-state architectures and clearly articulate gaps and remediation strategies
- Familiarity with major security frameworks and standards (e.g. NIST, ISO 27001, CSA, SCF) and how to apply them pragmatically
- Excellent stakeholder management skills, with the ability to advise, influence, and challenge senior technical and non-technical audiences
- Comfortable operating independently, managing multiple workstreams, and delivering in fast-moving, global environments
- (Preferred) Industry-recognised security certifications (e.g. CISSP, CISM, CISA, CRISC)
- (Preferred) Prior experience in regulated financial or enterprise-scale environments
...