Sr Application Security Architect

*Senior *
Application Security Architect
- Remote or Hybrid
Nice to meet you
We're a leader in data and AI. Through our software and services, we inspire customers around the world to transform data into intelligence - and questions into answers.

We're also a debt-free multi-billion-dollar organization on our path to IPO-readiness. If you're looking for a dynamic, fulfilling career coupled with flexibility and world-class employee experience, you'll find it here.

About The Job
As a S enior Application Security Architect within the Product Security Organization (PSO) , you will be a key contributor to SAS security solution . Successful candidates will partner with architecture, engineering , and cloud hosting helping to solve complex technical problems anywhere in the Software Deve lopment Lifecycle ( SDLC ) from design and development through to deployment and operations . T echnical security breadth and depth as well as clear , concise and effective communications are key – t his role requires a diverse set of skills in systems architecture, software development, and cyber- security . Success will depend on your collaborative skills working toward the SAS goal of meeting legal, compliance, and customer security requirements as part of providing SAS customers with the most trustworthy solutions globally.

As a Senior
Application Security Architect at SAS , you will:

• Collaborate across R&D and cloud hosting teams to strategically improve the security posture of business-critical multi-tier solutions in legacy, hybrid cloud, and public cloud environments . Includes tactical r efactoring , environment promotion, and S ecure by D efault deployment and configuration to maintain security consistency if not parity between all environments.
• Collaborate in the planning of evolutionary paths for secure architectures and systems incorporating and aligning dependent third-party architectures as well as the adoption of new technolog ies while maintaining a robust and consistent security posture. Includes employing specific security compensating controls, defense in depth, and security posture aspects in support of Secure by Desig n , Secure by Default (deployment and configuration), and Zero Trust Architectural principles .
• Work with development teams providing security assessment and hardening of products spanning the SDLC and development pipelines left/ early-shifted wherever possible . Includes p erform ing periodic secure design , threat modeling, code reviews, or direct verification to identify and triage issues assessing the security risk and recommend ing remediation steps for vulnerabilities and weaknesses .
• Collaborate with Product Management stakeholders to ensure security implementations are consistent with business objectives , customer requirements , and applicable global regulations.
• Identify , train, and partner with Security C hampions in place with product R&D teams . Help champions assess and gauge risk to identify security gaps or seams in the products and integrated solutions.
• Create and maintain secure engineering documentation, guidance, or training collateral supporting with PSO standards, policies, and procedures .
• Collaborate with other teams within security to identify new tools and processes to integrate into the Secur e SDLC . Recommend and promote software security policies, standards, and procedures that can improve the global SAS security posture. Mentor and coach with in the P roduct Security Office and other Security Architects aligned with your security breadth and building depth via subject matter expertise .

Required Qualifications

• 8+ years of secure software development, secure system architecture and design, or related experience.
• 4+ years of demonstratable experience in developing or adopting software security best practices.
• Bachelor's degree with major study in Computer Science , Electrical Engineering, or related . Possess relevant security certifications such as from SANS, GIAC, or ISACA CEH , for CCSP, CSSLP, CISM, or CISSP .
• An equivalent combination of related education, training , or experience may be considered in place of any of the above qualifications.
• Knowledge of current Global Enterprise security risks and attacker TTPs as published by MITRE .
• Experience with programming languages such as C/C++, Java, Python, JavaScript, PHP, Golan g, etc. allowing you to review code or logic and be confident in giving prescriptive guidance to R&D and hosting /ops in security patterns and best practices.
• Expertise in securing enterprise web applications and familiarity with OWASP Top 10, CVSS, CWE and SANS-25.
• Experience with security best practices for modern R&D such as micro-services and containers, Agentic AI, hyper-scale cloud hosting and operations , etc.
• You're curious, passionate, authentic and accountable. These are our values and influence everything we do.

Preferred Qualifications

• Experience with cloud hosting and operational security for public clouds ( Azure , AWS, or GCP ) and hybrids such as the domains and requirements in the Microsoft Cloud Security Benchmark (MCSB).
• Experience with SAST tools, such as: Snyk , Black Duck, Sonar , etc.
• Experience with DAST /IAST tools , such as: ZAP, Burp Suite , Kali, Nessus, etc.
• Knowledge of and e xperience with auditing, implementing, and supporting Dev ( Sec ) Ops.

World-Class Benefits
Highlights include...

• Comprehensive medical, prescription, dental and vision plans.

• Medical plan options include...

• PPO with low annual deductible and copays.

• HDHP combined with a health savings