Senior Application Security Architect

Job Title: Senior Application Security Architect
Location: Rockville, MD (Onsite)
Interview Mode (MOI): Skype + Face-to-Face
Experience: 10+ Years

Job Summary

We are seeking a highly experienced Senior Application Security Architect to lead the design and implementation of enterprise application security strategies. The ideal candidate will be responsible for securing applications across the SDLC, implementing security architecture, and driving secure coding and DevSecOps practices across the organization.

This role requires deep expertise in application security, threat modeling, secure architecture design, and regulatory compliance within complex enterprise environments.

Work Location: Rockville, Maryland

Key Responsibilities

• Define and implement enterprise application security architecture and strategy.
• Lead secure design reviews, threat modeling, and risk assessments for applications.
• Integrate security into SDLC and DevSecOps pipelines.
• Establish and enforce secure coding standards and best practices.
• Conduct application security assessments including SAST, DAST, SCA, and penetration testing.
• Collaborate with development, DevOps, and infrastructure teams to remediate vulnerabilities.
• Design and implement security controls for web, mobile, API, and cloud applications.
• Provide architectural guidance on authentication, authorization, encryption, and secrets management.
• Evaluate and implement application security tools and platforms.
• Ensure compliance with regulatory and industry standards (NIST, ISO, SOC2, HIPAA if applicable).
• Lead incident response and root cause analysis for application security incidents.
• Mentor development teams on secure coding and security awareness.
• Create documentation, security policies, and architectural standards.

Required Skills & Qualifications

• 10+ years of experience in cybersecurity with strong focus on application security.
• Proven experience as an Application Security Architect or similar role.
• Deep knowledge of secure SDLC, DevSecOps, and security architecture.
• Strong understanding of web application, API, and microservices security.
• Experience with threat modeling methodologies and tools.
• Hands-on experience with SAST, DAST, SCA, and container security tools.
• Knowledge of authentication protocols (OAuth2, SAML, OpenID Connect).
• Experience securing cloud-based applications (Azure, AWS, or GCP).
• Strong knowledge of encryption, secrets management, and key management.
• Experience with CI/CD tools (Jenkins, GitHub, Azure DevOps).
• Familiarity with OWASP Top 10 and secure coding practices.