
Senior Application Security Architect

PayActiv Inc
  • US
    Milpitas, California, United States

About

Driven by Excellence. Powered by Curiosity. United in Obsession to Do Good.

Position: Senior Application Security Architect
Location: Milpitas, CA
Job Id: 216
Openings: 1
Reports to: Director of Information Security
Who we are
We are Payactiv, a FinTech company devoted to giving workers access to their earned wages when they need them. Payactiv is the pioneer and industry leader in Earned Wage Access, and the only Certified B Corporation and Public Benefit Corporation in our industry.
Our platform helps millions of workers avoid debt, build financial stability, and take control of their financial lives. We partner with thousands of employers who recognize that financial wellness isn’t a perk: it’s the foundation of a loyal, engaged workforce.
Payactiv is seeking a hands‑on Application Security Architect who will act as the principal consultant for security architecture across the entire product lifecycle, from conceptual design through to delivery and continuous development. Your central objective is to design, implement, and supervise a robust enterprise‑wide Secure SDLC initiative.
What you will do
Partner with product owners, engineering teams, and solution architects to architect, formalize, and implement a Secure SDLC framework based on NIST SSDF, OWASP SAMM, BSIMM, and Microsoft SDL standards.
Lead the architectural review process by overseeing ADRs, evaluating system architectures, and directing threat modeling sessions using methodologies such as attack trees, PASTA, and STRIDE.
Establish and uphold robust benchmarks for data handling and logging, along with standards for cryptography, secure coding, and authentication/authorization frameworks such as FIDO2, mTLS, SAML, OIDC, and OAuth 2.1.
Manage comprehensive .NET application security: provide oversight for C#, .NET 6/7/8+, ASP.NET Core (MVC, Web API, Minimal APIs), Blazor, gRPC, and EF Core, securing the supply chain and hardening legacy environments.
Deliver architectural guidance for modern stacks: secure‑coding expertise for Node.js, TypeScript (Express, NestJS, Next.js), and Angular, defining approved libraries and language‑specific security patterns.
Oversee development governance and reviews: manage Git branching strategies and repository protections across GitHub, Azure DevOps, and GitLab, and lead a tiered peer‑review program for high‑risk changes.
Architect and manage the AppSec toolchain: operate security automation including SAST, DAST, SCA, and secrets scanning, define build‑break policies, manage SBOM/SLSA compliance, and consolidate results via ASPM platforms.
Lead vulnerability and incident response: own application‑layer risk management, prioritizing issues via CVSS/EPSS and coordinating responses to supply‑chain threats or zero‑day events.
Team leadership and mentorship: supervise AppSec engineers and Security Champions, fostering a security culture through pair programming, internal CTFs, and the development of reference architectures and playbooks.
What you need
8+ years in a dedicated Application Security / Secure SDLC role.
8+ years of production C# / .NET experience, expert in modern .NET (6/7/8+), ASP.NET Core, EF Core, secure deserialization, authorization policies, Data Protection, and NuGet supply‑chain hygiene.
Working architect‑level proficiency in Python, Node.js / TypeScript, and Angular; able to define standards, review code, and threat‑model these stacks.
Expert in Git internals, branching strategies, merge semantics, signed commits, and large‑scale repo governance on GitHub Enterprise / Azure DevOps / GitLab.
Proven track record of standing up or significantly maturing a Secure SDLC at enterprise scale, using security‑as‑code and metric‑driven AppSec practices.
Deep knowledge of the OWASP Top 10, OWASP API Security Top 10, ASVS L2/L3, CWE Top 25, MITRE ATT&CK, applied cryptography, and identity protocols (OAuth 2.1, OIDC, SAML, FIDO2).
Excellent written communication – authors standards, ADRs and executive briefings; calm, structured incident leadership.
Experience conducting third‑party/vendor risk assessments and ensuring alignment with internal security policies and risk tolerance.
Nice to have
Public CVEs, OSS security tooling, or conference talks (BlackHat, DEF CON, OWASP, NDC, .NET Conf).
AI / LLM application security (OWASP Top 10 for LLM Applications, prompt injection, model supply chain).
Fuzzing experience (SharpFuzz, libFuzzer) and prior PSIRT leadership.
What we offer
Company‑sponsored Health, Dental, and Vision insurance.
401(k) traditional and Roth with company match.
Tuition Assistance or Tuition Reimbursement.
Unlimited Paid Time Off.
Monthly Gym Reimbursement.
Paid time off to volunteer.
Paid Family Leave.
Complimentary lunches onsite.
Opportunity to grow.
Opportunity to work with a great team committed to making a difference.
Payactiv is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all team members.

Language skills

  • English
Note for users

This job listing comes from a TieTalent partner platform. Click “Apply now” to submit your application directly on their website.