Ark Solutions Inc is looking for a Senior Manager - Application Security Architect!

Position: Senior Manager - Application Security Architect
Location: REMOTE
Duration: 6+ Months and possibility of extension

Description:
As an Application Security Architect, you will serve as a strategic advisor, guiding security architecture for cloud-native, mobile, and web applications. You will ensure security principles such as Zero Trust, least privilege, and defense-in-depth are embedded into our systems. This role emphasizes advising on risk assessments, cloud security architectures, CI/CD pipelines, and software supply chain security, utilizing your hands-on expertise to inform strategic decisions. You will oversee compliance with OWASP ASVS, OWASP Mobile Top 10, and other internal and external security standards.

Day-to-day Responsibilities:
• Defines strategy and roadmap, provides guidance, creates standards and guidelines, and reviews architectural designs. Ensures standards and guidelines incorporate legal and regulatory requirements.
• Ability to articulate complex security concepts to both technical and non-technical stakeholders.
• Collaborate with cross-functional teams, including cybersecurity architects and senior technical leaders, to align security strategies with organizational risk tolerance and innovation goals.
• Conducts security and privacy technology research, assessments, and integration processes; provides and supports a prototype capability and/or evaluates its utility.
• Develop and implement comprehensive risk mitigation strategies for applications, staying ahead of emerging threats and advising on proactive security measures.
• Provides sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain.
• Coordinate program-related activities and deliverables to ensure effective collaboration within the team and across stakeholder groups.
• Provide strategic leadership and senior management for the organization's Cybersecurity risk oversight initiatives.
• Provide subject matter expertise in cybersecurity, to include maintaining and sharing knowledge of current and emerging cyber risk management practices and tools.
• Advocate policy changes and make a case on behalf of the company via a wide range of written and oral work products.
• Assess and prioritize security risks associated with applications and develop risk mitigation strategies.
• Monitor and evaluate emerging threats and vulnerabilities, recommending proactive measures to mitigate risks.
• Continuously monitor application security risks, ensuring timely follow-ups on identified vulnerabilities and implementing effective solutions.
• Contributes to, evaluates, and supports the documentation and validation processes necessary to assure that associates, information technology systems and business processes meet the organization's information assurance, security, and privacy requirements. Ensures appropriate treatment of risk, compliance, and assurance of internal policies and external regulations.
• Maintain effective communication with all stakeholders, providing regular updates on risk status, project progress, and compliance through concise reports and presentations.
• Works with the Security Architect Analysts to monitor ongoing project activities, intake of new projects and monitoring of the Security Engagement Process including but not limited to: Data Classification, Security Controls, Threat Models, Architecture Review Boards, Authority to Operate.
• Consults with customers to gather and evaluate functional requirements and provides security and privacy requirements, guidelines, and standards.

Education and Experience Required:
• Bachelor's degree in Computer Science, Software Engineering or equivalent experience/certification.
• 6+ years of experience in Information Technology/Security including:
• 3+ years of experience with Application Security testing methodologies (SAST, DAST, IAST, MPT).
• Software engineering background with deep proficiency in at least one high-level programming language (e.g., Java, C++, Go, PHP).
• Proficient in JavaScript and at least one JavaScript framework (e.g., Angular, React, Vue).
• Hands-on expertise in cloud security architectures (AWS, GCP, Azure), including VPC design, subnet management, and IAM policies.
• Expert level knowledge of OWASP ASVS and OWASP WSTG and their applications to large enterprise environments.
• Expert level knowledge of MITRE CVE, CWE, CAPEC and ATT&CK.
• Expert level knowledge of SSDLC principles, best practices, and procedures.
• Experience performing secure code reviews, issue triage and determining the efficacy of remediation approaches.
• Experience in securing software supply chains and automating security checks in CI/CD pipelines.
• Understanding of container security and container orchestration platforms (e.g., EKS, OpenShift).
• Understanding of modern and conventional application architectures and the tradeoffs associated with their designs.
• Understanding of microservice and cloud native application architecture.
• Understanding of software design patterns and principles such as SOLID, Coupling, Cohesion and Abstraction.
• Strong analytical and problem-solving skills with the ability to interpret complex data and articulate findings to diverse stakeholders.
• Strong understanding of runtime security technologies used to protect workloads and applications such as RASP.
• Demonstrable working knowledge of SAFe practices, principles, and roles.
• Experience in AppSec tools, DevSecOps and DevSecOps pipelines.

Preferred:
• Master's degree in Computer Science, Software Engineering or related field or equivalent experience/certification.
• Current information security certification: ISSAP or OSCE.
• Comprehensive knowledge of risk management frameworks including FAIR, NIST RMF, MITRE TARA, and OCTAVE.
• Technical leadership experience in a highly regulated environment.
• Proficiency in formal methods and model-based systems engineering for AI/ML validation and verification.
• Project management skills with a demonstrated ability to work independently and with others.
• Experience using security tools such as: GitHub Advanced Security (CodeQL, Dependabot, Secret Scanner), Tenable.io, Aqua CSP, SD Elements, and Contrast Assess.
• Experience with JIRA and ServiceNow.

Job Type
Full-time role
Skills required
Java, C++, Go, JavaScript, Angular, React, CI/CD
Location
Bethesda, Maryland
Salary
$130,000 - $180,000
Date Posted
June 15, 2025
ARK Solutions, Inc. is seeking a Senior Manager - Application Security Architect to guide security architecture for cloud-native, mobile, and web applications. This remote position emphasizes risk assessments, cloud security, and compliance with security standards.