Application Security Architect

About the Role

Employment Type: Full-time

We are seeking a highly skilled and forward-thinking Application Security Architect to lead the integration of security into our software development lifecycle. The ideal candidate will have a deep understanding of secure coding practices, CI/CD pipeline security, and modern application architecture. This role is essential for partnering with our development, engineering, and DevOps teams to build a culture of security and to ensure our applications are secure by design. The Application Security Architect will also play a key role in aligning security initiatives with business goals, performing threat modeling exercises, and reducing application risk throughout the SDLC.

What You'll Do

Secure SDLC Leadership

• Collaborate with development, engineering, and DevOps teams to embed security practices and controls at every stage of the development process.
• Develop and enforce secure coding standards and provide guidance to development teams.
• Establish and measure KPIs and metrics to track the effectiveness of secure development practices

DevSecOps and Pipeline Security

• Integrate and automate security testing tools (SAST, DAST, IAST, SCA) into the CI/CD pipeline to provide continuous security feedback.
• Evaluate and implement runtime protection solutions such as RASP or CSPM tools to enhance production-layer visibility and control.
• Champion "shift-left" security principles to identify and remediate vulnerabilities early in the development process.
• Work with DevOps to secure containerized environments and orchestration platforms (e.g., Docker, Kubernetes).
• Evaluate and maintain secure secrets management and identity integration within CI/CD workflows.
• Define and maintain logging and alerting strategies for application-layer threats using SIEM or monitoring tools.
• Support blue/green deployments and canary testing from a security perspective.

Security Architecture and Design

• Conduct security architecture reviews for new and existing applications, providing actionable recommendations to mitigate risks.
• Develop and maintain security architecture standards and patterns for web, and mobile applications.
• Evaluate and design API security strategies, including OAuth2, OpenID Connect, and rate limiting.
• Lead the modernization of legacy application security architectures to align with current best practices.
• Perform threat modeling and risk assessments for new features and product lines.
• Evaluate and secure modern workloads such as serverless applications, infrastructure-as-code deployments, and ephemeral compute environments.

Collaboration and Enablement

• Serve as the primary security advisor for development and engineering teams on all application security matters.
• Influence and drive security strategy across product lines, working closely with product management, compliance, and business stakeholders
• Create and deliver security training and awareness programs to foster a security-first mindset among developers.
• Develop and maintain security documentation, including architecture diagrams, security requirements, and best practice guides.
• Act as a security evangelist, representing WorkWave at industry events, communities, and internal leadership meetings.
• Familiarity with securing AI/ML pipelines or privacy concerns related to ML-driven features is a plus.

What You'll Bring

Education

• Bachelor’s degree in Computer Science, Information Security, or a related field.
• Industry certifications such as CISSP, CWAPT/CASS, CISM, CISA, or related are highly desirable

Experience

• 10+ years of experience in application security, with a proven track record of architecting and implementing secure development practices.
• 3+ years of experience as a developer
• Experience aligning security controls with data protection regulations (e.g., GDPR, HIPAA, CCPA) is a plus.
• Extensive experience with DevSecOps and securing CI/CD pipelines.
• Extensive experience with secure coding requirements like OWASP ASVS.
• Han