Senior Application Security Architect

United States, New York City, NY, Remote - Time Zone Dependent
Job ID: 1776

Job Description

In order to capitalise on their continued growth, our client, an international financial services company that builds and operates OTC marketplaces, is seeking a Senior Application Security Architect. As a senior member of the Information Security team, this role will take a lead in defining strategy, engineering solutions and managing roadmaps for securing the enterprise technology. The ideal candidate will be knowledgeable in many domains of security and should be able to design and implement high-impact solutions across the organisation. The role will also have an opportunity to work with subject matter experts not only within security, but across infrastructure, network, development, and business teams. The candidate must have previous managerial experience, particularly in the management of a highly technical team.

Role Responsibilities:

  • Take a leadership role in proposing, designing, planning and executing strategic and tactical security objectives to protect the information systems and network
  • Serve as an internal information security advisor and subject matter expert for all application security-related work
  • As a subject matter expert, share technical knowledge, scalability, enterprise system architecture, and DevSecOps best practices
  • Work with Application Architects to design a framework for ingesting new applications into production, including cloud environments
  • Lead security for orchestration, configuration, and provisioning automation
  • Lead product selection efforts, including defining evaluation criteria and test plans
  • Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
  • Bring together key stakeholders to develop and review enterprise application security strategies and roadmaps
  • Develop appropriate policies, standards, guidelines, processes and procedures for remediation
  • Collaborate with business units and corporate partners to ensure solutions are built consistently with the organisation's policies, programs, architectural recommendations, and information security standards
  • Understand the common types of cyber-attacks and countermeasures in the industry and engage with the business units to resolve within SLAs
  • Develop, build and implement a mature and robust set of metrics and reports

Technical Experience and Qualifications Required:

  • 10+ years of experience leading global information security programs
  • 7+ years of proven experience in application architecture and security
  • Extensive experience in building security for large-scale distributed and critical services
  • Extensive knowledge of identifying security issues in applications and ability to articulate their risk exposure to technical and business users
  • Full application/system development lifecycle knowledge and experience
  • Experience with architecture and security reviews, and threat modelling applications
  • Experience with SAST/DAST/IAST and CI/CD tools
  • Strong knowledge of API security, WAF, and Cryptography
  • Experience with Docker and Kubernetes
  • Experience securing applications in public cloud (e.g. AWS, Azure, Google Cloud), and cloud security/governance tools
  • Experience with Terraform, CloudFormation, Terragrunt
  • Scripting experience with any of the following: JavaScript, Python, PowerShell, etc.
  • Must be able to communicate across all levels of the organization, from the non-technical end-user community to C-suite audiences
  • Experience working with global teams
  • CISSP, CISM or equivalent qualifications preferred
