About the position
Strada Global seeks a highly skilled Application Security Architect to drive secure application development practices across our global platforms. In this fully remote role, you'll ensure the security and resilience of our digital products and services, collaborating closely with development teams to embed security throughout the software development lifecycle (SDLC). Your expertise will help shape the secure coding practices, application testing, and threat modeling methodologies essential for our ongoing global growth.
Responsibilities
- Design, implement, and oversee security controls and practices for applications, APIs, and microservices within cloud environments, primarily Microsoft Azure.
- Lead the integration of security best practices into the development lifecycle, including secure coding guidelines, code reviews, and automated security testing.
- Conduct threat modeling exercises to proactively identify vulnerabilities and recommend actionable mitigation strategies.
- Evaluate and recommend tools, technologies, and methodologies to enhance application security aligned with Strada's technology strategy.
- Oversee and enhance processes for static and dynamic application security testing (SAST/DAST), penetration testing, and vulnerability assessments.
- Collaborate with global development teams to build security awareness, providing coaching, training, and resources to foster secure coding practices.
- Support application-level security incident investigations, providing technical expertise to ensure timely resolution and remediation.
- Ensure application security practices meet global regulatory requirements and internal policies.
Requirements
- 7+ years in cybersecurity, with at least 4 years focused specifically on application security architecture and secure software development practices.
- Deep expertise in application security frameworks (e.g., OWASP), secure coding practices, security testing tools (SAST, DAST), penetration testing, and cloud security, especially within Microsoft Azure.
- Relevant certifications such as CISSP, CSSLP, OSCP, or other security and cloud architecture certifications are highly desirable.
- Exceptional ability to communicate complex security concepts clearly to developers, technical stakeholders, and senior leadership.
- Proven ability to analyze complex security issues, threats, and vulnerabilities, and develop practical solutions.
- Strong interpersonal skills, with experience working effectively across globally distributed teams.
Nice-to-haves
- Experience working with global development teams in an agile environment.
- Knowledge of DevSecOps practices and automation frameworks.
Benefits
- Health coverage
- Wellbeing programs
- Paid leave (vacation, sick, parental)
- Retirement plans
- Learning opportunities
