WorkWave

Application Security Architect

full-time

Origin: 🇺🇸 United States

Salary

💰 $180,000 - $200,000 per year

Job Level

Senior, Lead

Tech Stack

AWS, Azure, Cloud, Docker, Go, Java, JavaScript, Kubernetes, Microservices, Node.js, Python, SDLC, Terraform, TypeScript, Vault

About the role

  • Secure SDLC Leadership: Collaborate with development, engineering, and DevOps teams to embed security practices and controls at every stage of the development process.
  • Develop and enforce secure coding standards and provide guidance to development teams.
  • Establish and measure KPIs and metrics to track the effectiveness of secure development practices.
  • DevSecOps and Pipeline Security: Integrate and automate security testing tools (SAST, DAST, IAST, SCA) into the CI/CD pipeline to provide continuous security feedback.
  • Evaluate and implement runtime protection solutions such as RASP or CSPM tools to enhance production-layer visibility and control.
  • Champion shift-left security principles to identify and remediate vulnerabilities early in the development process.
  • Work with DevOps to secure containerized environments and orchestration platforms (e.g., Docker, Kubernetes).
  • Evaluate and maintain secure secrets management and identity integration within CI/CD workflows.
  • Define and maintain logging and alerting strategies for application-layer threats using SIEM or monitoring tools.
  • Support blue/green deployments and canary testing from a security perspective.
  • Security Architecture and Design: Conduct security architecture reviews for new and existing applications, providing actionable recommendations to mitigate risks.
  • Develop and maintain security architecture standards and patterns for web and mobile applications.
  • Evaluate and design API security strategies, including OAuth2, OpenID Connect, and rate limiting.
  • Lead the modernization of legacy application security architectures to align with current best practices.
  • Perform threat modeling and risk assessments for new features and product lines.
  • Evaluate and secure modern workloads such as serverless applications, infrastructure-as-code deployments, and ephemeral compute environments.
  • Collaboration and Enablement: Serve as the primary security advisor for development and engineering teams on all application security matters.
  • Influence and drive security strategy across product lines, working closely with product management, compliance, and business stakeholders.
  • Create and deliver security training and awareness programs to foster a security-first mindset among developers.
  • Develop and maintain security documentation, including architecture diagrams, security requirements, and best practice guides.
  • Act as a security evangelist, representing WorkWave at industry events, communities, and internal leadership meetings.
  • Familiarity with securing AI/ML pipelines or privacy concerns related to ML-driven features is a plus.

Requirements

  • Bachelor’s degree in Computer Science, Information Security, or a related field.
  • Industry certifications such as CISSP, CWAPT/CASS, CISM, CISA, or related are highly desirable.
  • 10+ years of experience in application security, with a proven track record of architecting and implementing secure development practices.
  • 3+ years of experience as a developer.
  • Experience aligning security controls with data protection regulations (e.g., GDPR, HIPAA, CCPA) is a plus.
  • Extensive experience with DevSecOps and securing CI/CD pipelines.
  • Extensive experience with secure coding requirements like OWASP ASVS.
  • Hands-on experience with a variety of application security tools (SAST, DAST, SCA, IAST).
  • Strong background in application architecture, including microservices, APIs, and cloud-native technologies.
  • Experience with compliance frameworks such as PCI DSS, SOC 2, and ISO 27001.
  • Familiarity with threat modeling methodologies (STRIDE, PASTA, OCTAVE) is desirable.
  • In-depth knowledge of secure coding principles, cryptography, and common application vulnerabilities (OWASP Top 10, NIST, GDPR).
  • Proficiency in scripting or programming languages (Python, Go, Java, TypeScript, Node.js).
  • Strong understanding of cloud security principles and experience with AWS (preferred) or Azure.
  • Strong understanding of IaC: Terraform, CloudFormation.
  • Strong understanding of Secrets: Vault, AWS Secrets Manager.
  • Strong understanding of Container Security: Trivy, Aqua, Anchore.
  • Excellent analytical, problem-solving, and communication skills, with the ability to influence and lead cross-functional teams.
  • Ability to work independently and strategically to drive security initiatives forward.