Application Security ArchitectDaley and Associates • Boston, Massachusetts, United States
Dieses Stellenangebot ist nicht mehr verfügbar
Application Security Architect
Daley and Associates
- Boston, Massachusetts, United States
- Boston, Massachusetts, United States
Über
Conduct security architecture reviews for new and existing applications, APIs, and cloud‑native services to identify risks and recommend mitigation strategies. Lead application security risk assessments and threat modeling exercises for critical business applications and platforms. Define and maintain secure application architecture standards, reference patterns, and security best practices. Guide secure design principles, authentication and authorization models, encryption, secrets management, and secure API development.
Cloud & Container Security
Design and implement security controls for containerized and Kubernetes‑based environments, including OpenShift and Azure Kubernetes Service (AKS). Support secure container runtime practices using technologies such as Docker and Podman. Collaborate with infrastructure and platform engineering teams to strengthen cloud‑native security posture across Azure environments. Evaluate and recommend security tooling and controls for Kubernetes, container security, workload protection, and runtime monitoring.
DevSecOps & Software Supply Chain Security
Partner with development and DevOps teams to integrate automated security controls into CI/CD pipelines and software delivery processes. Support secure development lifecycle (SDLC) initiatives, including security testing, code review processes, and vulnerability remediation workflows. Establish and maintain software supply chain security practices, including Software Composition Analysis (SCA), open source governance, and vulnerability management using tools such as NexusIQ or similar platforms. Guide Infrastructure-as-Code (IaC) security and deployment best practices.
API & Application Protection
Implement and support API security controls and governance practices using enterprise API management and security solutions. Lead implementation and operational adoption of application protection technologies, including Runtime Application Self‑Protection (RASP) solutions such as Contrast Protect. Collaborate with teams to improve application observability, logging, and runtime threat detection capabilities.
Security Leadership & Collaboration
Develop and maintain application security policies, standards, and procedures aligned with industry frameworks and regulatory requirements. Partner with development teams to remediate vulnerabilities and improve overall security maturity. Deliver security guidance, mentoring, and awareness training to engineering and operational teams. Stay current on emerging threats, vulnerabilities, technologies, and industry trends to continuously improve the organization’s security posture.
Qualifications Required Qualifications
Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field. 7+ years of experience in application security, including security architecture reviews, threat modeling, and risk assessments. Strong knowledge of secure software development practices and modern application security principles. Experience securing containerized and Kubernetes‑based environments, including OpenShift and/or AKS. Experience integrating security into CI/CD pipelines and DevSecOps workflows using platforms such as Jenkins and Azure DevOps. Hands‑on experience with application security testing methodologies and tools, including:
Static Application Security Testing (SAST) Dynamic Application Security Testing (DAST) Software Composition Analysis (SCA) Penetration testing and vulnerability assessment
Experience implementing and managing API security controls and API management platforms. Strong understanding of OWASP Top 10, NIST, CIS benchmarks, and secure architecture principles. Excellent analytical, communication, and problem‑solving skills with the ability to collaborate across technical and business teams.
Preferred Qualifications
Experience with tools such as Traceable, NexusIQ, Contrast Protect, or equivalent enterprise security platforms. Experience securing Microsoft Azure cloud environments and cloud‑native architectures. Familiarity with Infrastructure-as-Code (Terraform, Helm, Bicep) and related security controls. Knowledge of Kubernetes policy enforcement, container runtime security, and software supply chain security practices. Experience securing AI‑enabled platforms and Model Context Protocol (MCP) environments, including governance, secure tool integration, identity controls, and protection of sensitive data and model interactions, is a plus. Relevant industry certifications such as:
CISSP CCSP CSSLP OSCP GIAC security certifications Kubernetes security certifications
#J-18808-Ljbffr
Sprachkenntnisse
- English
Hinweis für Nutzer
Dieses Stellenangebot wurde von einem unserer Partner veröffentlicht. Sie können das Originalangebot einsehen hier.