Application Security Architect

Application Security Architect with strong DevSecOps

Location: NJ/Charlotte (Day 1 onsite)

Prefer only FTE, no contractors

Key Responsibilities

• Assess the architecture, controls, processes and deployments of secure CI/CD pipelines
• Assess current integrations of security controls and automation in the development workflows
• Collaborate with development, operations, and security teams to understand the security best practices and compliance standards
• Review the adoption of secure coding practices and their effectiveness
• Evaluate potential options for automating security checks, integrating security tools and controls, and ensuring security throughout the development lifecycle
• Strategize and develop plans to modernize pipelines and remove manual processes

Required Skills & Qualifications

• Proven hands-on experience in designing and securing DevOps pipelines and security engineering roles
• Expertise in cloud technologies, automation tools, security controls, and a strong understanding of security frameworks and compliance standards
• Proven experience working with development, operations, and security teams to integrate security practices into the development lifecycle
• Strong understanding of CI/CD tools (e.g., Jenkins, GitLab CI, GitHub Actions, Azure DevOps).
• Working knowledge in branching strategy and development lifecycle management.
• Expertise in containerization and orchestration (e.g., Docker, Kubernetes).
• Proficiency in infrastructure as code (IaC) tools (e.g., Terraform, Ansible, CloudFormation).
• Deep knowledge of security tools and practices (e.g., SAST, DAST, SCA, secrets management).
• Experience with cloud platforms (AWS, Azure, GCP) and their security services.
• Strong understanding on secure development lifecycle framework, secure code practice and OWASP Top10 vulnerabilities and remediation.
• Good knowledge of scripting skills (e.g., Python, Bash, PowerShell).
• Familiarity with compliance frameworks (e.g., NIST, ISO 27001, SOC 2).

Preferred Qualifications

• Certifications: CISSP, CCSP, or equivalent. Azure, AWS or GCP certification (Security and Devops)