Application Security Architect - Architecture and Velocity
Seattle, Washington, United States
Software and Services
- Proven experience in application architecture and security. Deep understanding of services oriented architecture, building internet-scale, distributed and critical services.
- Extensive knowledge of security issues faced by internal/external facing applications and ability to articulate their impact on technical and business users
- Experience with architecture and security reviews, threat modeling applications and identifying areas of risk.
- Experience securing infrastructure in public cloud (e.g. AWS, Azure, Google Cloud), cloud security/governance tools and cloud native platforms
- Experience implementing strategies to support secure and compliant architectures. Knowledge of network architectures, topologies and concepts (Firewalls, LB, WAF, CDN, VPC, ACL)
- Excellent written and verbal communication. Ability to scale by evangelising your work to leadership and engineers including writing requirements and solid technical guides.
- Familiar with compliance regulations e.g. PCI, GDPR, SOC2, SOX
- An affinity and experience with an automation and development based approach to security.
- Ability to collaborate with multi-functional teams located in different timezones to drive fixes and alignment to established policies.
- You thrive by identifying meaningful work and doing it without explicit direction.
The security architect will work with other security leads to define org's security program, measure adherence, suggest/implement changes, present to steering committee and engineering teams. We partner closely with engineering teams and other security teams to build a consolidated roadmap of security improvements. We work with engineering teams during design to build secure services, conduct security architecture reviews of the application stack, including applications built on cloud and emerging technologies, provide SME support, security guidance and mentoring, help others evaluate new platforms, technologies and patterns. As an architect you will be also working with other architects and engineers to design/develop tooling and framework components to allow easy adoption of security best practices e.g. auth, transport encryption, tracing. We also have a close partnership with the central information security team to prioritize and address open issues and plan for security initiatives, red teaming and compliance audits. As a security architect you have to stay on top of industry trends and threats/vulnerabilities. Research the latest security standard methodologies, trends, threats and vulnerabilities, and technology frameworks, use your expertise to reason about risk in a complex, multi-tier platform environment.
Education & Experience
BS/MS in Computer Science or Equivalent with 10+ years of experience