Santcore Technologies
Senior Application Security Architect
Santcore Technologies, Tysons Corner, Virginia, United States
Santcore's client is seeking a seasoned Senior Application Security Architect with 5+ years of experience (primarily U.S.-based) who can design, implement, and oversee enterprise-wide application security architecture. The ideal candidate will bring deep expertise in cloud (AWS), application security frameworks, threat modeling, and secure coding practices.

Key must-haves include:
- CISSP or equivalent certification (REQUIRED)
- Application security architecture with focus on cloud-native and AWS security
- Threat modeling & code review expertise (not as a developer, but must be able to read code)
- DevSecOps knowledge
- Strong communication and leadership skills to influence cross-functional teams

Nice-to-haves:
- AWS certifications, Offensive Security / Pen Testing certifications
- AI / LLM security experience (highly preferred)
- Pen testing or offensive security background

The role requires someone who can strategically balance business objectives with security requirements, lead enterprise-level initiatives, and embed security into every layer of the SDLC.

Key Responsibilities
- Establish and maintain enterprise application security architecture frameworks and reference models.
- Lead architecture reviews of applications/systems to identify and mitigate security risks.
- Define and enforce security baselines, standards, and patterns across technology stacks (web, mobile, APIs, microservices, serverless).
- Develop and facilitate threat modeling methodologies (e.g., STRIDE, PASTA, OCTAVE).
- Set secure coding standards and requirements based on risk/data classification.
- Architect solutions for authentication, authorization, encryption, and secure communications.
- Implement cloud-native security guardrails, API security strategies (OAuth/OIDC, gateways, rate limiting), and secure data handling.
- Integrate security into CI/CD pipelines to advance DevSecOps.
- Evaluate and recommend application security tools and technologies.
- Partner with development teams to design secure yet practical solutions.
- Drive enterprise-wide strategic security initiatives.
- Leverage GenAI/AI tools to enhance security analysis and architecture reviews.
- Document architecture decisions, patterns, and reference implementations.
- Provide training and mentorship to developers and architects.
- Stay current with emerging threats and security frameworks.

Required Qualifications
- Bachelor’s degree in Computer Science, Information Security, or related field.
- 5+ years of application security experience (with at least 2 years in security architecture).
- CISSP or equivalent certification REQUIRED.
- Expertise in secure design principles, threat modeling, and security patterns.
- Strong cloud security knowledge (AWS required; Azure/GCP a plus).
- Experience with SAST, DAST, IAST, SCA tools and security testing platforms (e.g., Burp Suite, OWASP ZAP).
- Deep knowledge of OWASP Top 10, CWE, and other security standards.
- Experience with secure APIs and authentication protocols (MFA, SSO, OAuth2.0, SAML, OIDC).
- Familiarity with DevSecOps practices and CI/CD integration.
- Understanding of cryptography, secure coding, and vulnerability assessment.
- Strong communication skills to convey complex security concepts.
- Experience leading cross-functional initiatives and influencing stakeholders.

Preferred / Nice-to-Have
- AWS Security Specialty, Offensive Security, or Pen Testing certifications.
- AI / LLM security expertise (securing agentic AI or using AI for security).
- Hands-on penetration testing or offensive security background.
- Familiarity with compliance/regulatory frameworks (PCI-DSS, GDPR, SOX).

We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation or age.