Application Security Architect

Job Description : AppSec Architect (AWS)Experience : 7+ YearsLocation : Bangalore / Gurugram / NoidaPosition Overview : We are seeking an experienced Application Security Architect (AWS) to design and implement secure application architectures for AWS-hosted services and applications.The ideal candidate will have deep expertise in application security, cloud-native security practices, and AWS services, with the ability to provide architectural guidance, mentor engineering teams, and act as a subject matter expert (SME) in security governance, audits, and compliance.This role requires a strong balance of hands-on technical ability and the capacity to engage with executive stakeholders, guiding security strategies and embedding secure-by-design principles across the enterprise.Key Responsibilities : - Design and implement application security architecture for AWS-hosted applications and services.- Ensure secure-by-design initiatives across the SDLC, including threat modeling, risk assessments, and architecture reviews.- Produce and review Architecture Decision Records (ADRs) to maintain robust documentation.- Collaborate with software engineers, DevOps teams, security engineers, and cloud architects to align solutions with security best practices.- Define and promote secure coding standards and security-focused CI/CD pipelines.- Provide guidance on integrated security tools such as MAST, SAST, DAST, SCA, IaC scanning, and secret detection, tailored for cloud environments.- Develop reusable security reference architectures and design patterns for AWS microservices, APIs, containers, and serverless workloads.- Monitor and evaluate emerging AWS security features, providing recommendations for adoption.- Support incident response and forensic investigations related to application-layer attacks.- Guide remediation strategies for vulnerabilities and design flaws.- Serve as a security SME in governance, audits, and compliance initiatives.- Conduct architectural governance reviews, ensuring projects align with technical strategies, platform roadmaps, and enterprise standards.- Drive detailed solution design and partner with stakeholders for implementation.- Explore and pilot innovative security technologies, running PoCs to strengthen organizational security.- Mentor and coach engineering colleagues on secure solution design, providing architectural advice and technical leadership.- Participate in enterprise-wide architecture and engineering discussions, introducing new paradigms and solutions.- Communicate security strategy and direction to senior leadership and executives.Qualifications : - 7+ years of experience in application security, software engineering, or security architecture roles.- 3+ years of hands-on AWS experience with services such as IAM, KMS, CloudTrail, VPCs, CodePipeline, Terraform, etc.- Deep understanding of AWS Compute, Storage, Networking, Data, and Security services.- Strong expertise in SDLC security practices and cloud-native application patterns (microservices, containers, CI/CD).- Experience implementing security controls in CI/CD pipelines (Jenkins, GitHub, GitHub Actions, etc.- Proficiency in at least one programming language (e.g., Python, Java, Go, Node.js).- Familiarity with OWASP Top 10, SANS CWE Top 25, and threat modeling methodologies (e.g., STRIDE).- Strong communication skills with the ability to convey technical risks to executive stakeholders.- At least one recognized security certification (e.g., GDSA, GCAD, GWAT, GWEB, GPEN, GCPN GXPN).- Additional certifications are a plus : SABSA, TOGAF, AWS Certified Solutions Architect.Preferred Skills- Hands-on experience with IaC security (Terraform, CloudFormation).- Exposure to container security (Docker, Kubernetes, EKS).- Knowledge of DevSecOps practices, security automation, and monitoring tools.- Familiarity with Splunk, DataDog, or other SIEM solutions for security monitoring.- Experience working in regulated industries (finance, healthcare, etc.) with compliance frameworks (e.g., PCI DSS, ISO 27001, SOC2). (ref:hirist.tech)