Lead Enterprise Application Security Architect (Permanent – Hybrid – Tampa, FL; Southfield, MI; Denver, CO; or Memphis, TN)
An opportunity has come through our network for a Lead Enterprise Application Security Architect at a globally leading Wealth Management firm. This permanent position offers a hybrid work model, requiring 2-3 days per week in the office. You can be based in Tampa, FL; Southfield, MI; Denver, CO; or Memphis, TN. This role is pivotal in shaping the firm’s application and data security posture: you will lead the design and implementation of data protection frameworks across the enterprise.
This role is critical for identifying and mitigating security risks throughout the software development lifecycle. You’ll evaluate system designs for potential vulnerabilities, guide engineering teams through secure coding practices, and support them in resolving security issues within their applications. Your responsibilities also extend to developing tailored security frameworks and architectural guidelines based on prior assessments and recognized industry standards.
What You’ll Be Doing: Leading Secure Application Design and Architecture
As a Lead Enterprise Application Security Architect, you’ll be at the forefront of embedding security into the DNA of applications, ensuring that software solutions are robust, compliant, and resilient against evolving threats. Your role combines strategic design with hands-on guidance and cross-functional collaboration.
- Lead Secure Design Reviews and Threat Modeling: You will proactively lead secure design reviews and threat modeling sessions for all new projects, features, and significant architectural changes, so that security considerations are integrated from the inception of development. You will review designs to identify potential vulnerabilities and weaknesses, and verify compliance with industry standards, regulatory requirements, and internal security policies. Your leadership in this area is vital for “shifting left” security.
- Evaluate Adherence to Architectural Standards and Adapt Enterprise Assets: You will diligently evaluate adherence to architectural standards, ensuring that all application designs and implementations align with established enterprise guidelines and best practices. A key focus will be on minimizing technical debt, advocating for sustainable and efficient solutions. You will also strategically adapt enterprise assets (including existing systems, services, and data) for major programs, ensuring their secure integration and evolution within new architectures.
- Partner with Development Teams on Security Vulnerabilities: You will foster close partnerships with development teams, providing support and expert guidance in addressing security vulnerabilities identified throughout the software development lifecycle. This includes providing input during the design phase, conducting thorough code reviews, and assisting in resolving issues uncovered by static analysis (SAST), dynamic analysis (DAST), and penetration testing. Your collaboration ensures that security flaws are remediated effectively and efficiently, with root causes addressed rather than individual findings patched.
- Create and Maintain Secure Reference Architectures: You will be instrumental in creating and maintaining secure reference architectures. These authoritative guides will provide prescriptive blueprints for the design and implementation of secure systems and applications across the organization. You’ll customize these architectures to the firm’s specific technologies and needs, ensuring consistent application of security best practices and accelerated secure development.
- Collaborate on Integrating Security Practices into SDLC: You will engage in robust collaboration with cross-functional teams, including development, infrastructure, and compliance. Your objective is to seamlessly integrate security practices into the software development lifecycle (SDLC) and infrastructure provisioning processes. This involves embedding security requirements, automated security testing, and compliance checks at every stage, promoting a “security by design” approach.
- Offer Expert Advice on Security Issues: You will serve as a go-to expert, offering invaluable expert advice on a wide range of security issues. This includes providing guidance on complex topics such as encryption (data at rest, in transit, in use), various authentication methods (MFA, SSO, passwordless), robust access control mechanisms (RBAC, ABAC), and secure communication protocols (TLS, mTLS, secure APIs). Your expertise will help resolve intricate security challenges.
- Stay Up-to-Date with Industry Trends and Emerging Threats: You will continuously keep up-to-date with industry trends, emerging threats, and best practices in security architecture and design. This proactive learning involves researching new vulnerabilities, advanced persistent threats (APTs), and innovative security solutions. You will then critically evaluate their relevance to the organization’s security strategy, making informed recommendations for adoption or adaptation to maintain a cutting-edge defense posture.
What’s Needed: Your Foundational Expertise in Application Security Architecture
To excel as a Lead Enterprise Application Security Architect, you’ll need extensive experience in security engineering and architecture, a deep understanding of application security principles, and strong communication and leadership skills.
- Educational Background and Experience: You must possess a Bachelor’s degree in Computer Science, Management Information Systems, or a related field, coupled with at least five years of relevant experience. Alternatively, a combination of education, training, and experience approved by Human Resources will be considered.
- Preferred: 7+ years of experience in security engineering, architecture, or a similar role, with a strong focus on threat modeling, secure design reviews, and vulnerability management. This extended experience signifies a seasoned expert in the application security domain.
- Solid Understanding of Web Application Security: You have a solid understanding of web application security principles, including secure coding practices and the common vulnerability classes catalogued in the OWASP Top 10 (e.g., Broken Access Control, Injection including Cross-Site Scripting, and Identification and Authentication Failures). This foundational knowledge is crucial for identifying and mitigating risks in modern web applications.
- Skilled in Designing Secure Architectures (On-Prem and Cloud): You are highly skilled in designing and implementing secure architectures for both on-premises and cloud environments. This includes expertise with major cloud platforms such as AWS (Amazon Web Services) and Azure (Microsoft Azure), ensuring that security controls are consistently applied across hybrid infrastructures.
- Demonstrated Passion for Protecting Organizations: You bring a demonstrated passion for protecting organizations from evolving threats. This intrinsic motivation drives you to continuously seek out vulnerabilities, stay informed about the latest attack vectors, and implement robust defenses, going beyond mere task completion.
- In-Depth Knowledge of Authentication and Authorization: You possess in-depth knowledge of authentication and authorization methods. This includes understanding single-factor and multi-factor authentication (MFA), step-up authentication (requiring additional verification for sensitive actions), and single sign-on (SSO) solutions. Familiarity with password-less solutions (e.g., FIDO2) is a significant plus, indicating knowledge of emerging identity technologies.
- Strong Grasp of Encryption Methods: You have a strong grasp of applied cryptography, particularly certificate-based mechanisms (e.g., X.509 certificates, PKI, TLS) and signed or encrypted tokens (e.g., JWTs, OAuth 2.0 access and refresh tokens), together with encryption of data at rest. This expertise ensures the confidentiality and integrity of data in transit and at rest and the trustworthiness of the identities bound to sessions and API calls.
- Knowledgeable in Network Protocols and Topologies: You are knowledgeable in network protocols (e.g., TCP/IP, HTTP/HTTPS, DNS) and network topologies (e.g., LAN, WAN, VPN, micro-segmentation). This understanding is critical for securing network communication and data flow within complex enterprise environments.
- Experience with Defense-in-Depth and Incident Response: You have practical experience with defense-in-depth strategies, applying multiple independent layers of security controls so that the failure of any single control does not expose the asset it protects. You also have experience with incident response processes, including detecting, containing, eradicating, and recovering from security incidents.
- Excellent Communication Skills: You possess excellent communication skills, enabling you to effectively engage with a wide range of technical and business stakeholders. Your ability to articulate complex security concepts clearly, present risk assessments, and drive consensus across diverse teams is paramount.
- Experience in Financial Services (Preferred): Experience in financial services is preferred but not required. However, the ability to quickly acquire relevant business knowledge in this domain is essential, demonstrating your adaptability and commitment to understanding industry-specific security challenges and compliance needs.
Job Features
Job Category: IT, Security