This job offer is no longer available
About Us
ISTARI is a strategic cybersecurity advisory company with a bold vision: to curate the defining cybersecurity ecosystem of our time - uniting enterprise, academia, government, and innovators to build collective resilience.
At the heart of this mission, ISTARI helps clients achieve lasting organisational cyber resilience by convening and applying world-class talent, expertise, and innovation through a uniquely powerful network, with ISTARI as the central orchestrator.
The Opportunity
The Application Security Architect provides strategic architecture and engineering support to embed security into the client's application development ecosystem. This role ensures that secure design principles, controls, and governance are consistently integrated across the SDLC, enabling applications to be resilient against modern threats while supporting business agility.
This is a 12-month contractor role, operating within the Architecture & Engineering function and partnering closely with development teams, platform engineering, and security operations.
What You'll Do
- Provide application security architecture advisory for new application development, modernisation initiatives, and system integrations, ensuring security-by-design principles are embedded across the SDLC.
- Lead the execution and governance of the Secure Software Development Framework in collaboration with the client's development partners and platform teams.
- Define, maintain, and govern application security blueprints, reference architectures, and design patterns for APIs, microservices, and cloud-native workloads.
- Establish and enforce API security standards, including authentication, authorisation, encryption, traffic inspection, and rate limiting.
- Oversee threat modelling, secure design reviews, and risk assessments for business-critical applications and third-party integrations.
- Drive secure coding practices by enabling developer awareness, training, and adoption of secure frameworks and standards.
- Oversee the SAST, DAST, and CI/CD security tooling strategy, ensuring effective integration into development pipelines and efficient management of findings and remediation workflows.
- Act as the strategic interface for Application Security-as-a-Service, partnering with third-party engineering teams providing day-to-day AppSec execution and tooling operations.
- Collaborate with cloud, network, and platform engineering teams to ensure applications are securely deployed within segmented, Zero Trust-aligned environments.
- Serve as the application security authority during security incidents, providing architectural guidance for containment, remediation, and post-incident improvements.
- Provide executive-level reporting on application security posture, including vulnerability trends, remediation progress, and residual risk.
What You'll Bring
- ~10 years' experience in Application Security.
- Strong experience in secure SDLC governance and design assurance.
- Proven capability in application and API security architecture.
- Hands-on experience with cloud-native and microservices security.
- Experience overseeing security tooling and vulnerability findings management.
- Ability to coordinate and govern third-party AppSec service providers.
- Strong risk-based reporting and executive communication skills.
- Deep knowledge of SAST, DAST, and CI/CD security tooling.
- Experience with API gateways and identity services.
Engagement Details
- Engagement Type: Contractor (12-month fixed-term engagement)
- Duration: January 2026 – December 2026
- Location Preference: US East Coast or Central
- Work Authorisation: Not provided
Languages
- English