Application Security Architect

Job Description : AppSec Architect (AWS)

Experience : 7+ Years

Location : Bangalore / Gurugram / Noida

Position Overview :

We are seeking an experienced Application Security Architect (AWS) to design and implement secure application architectures for AWS-hosted services and applications.

The ideal candidate will have deep expertise in application security, cloud-native security practices, and AWS services, with the ability to provide architectural guidance, mentor engineering teams, and act as a subject matter expert (SME) in security governance, audits, and compliance.

This role requires a strong balance of hands-on technical ability and the capacity to engage with executive stakeholders, guiding security strategies and embedding secure-by-design principles across the enterprise.

Key Responsibilities :

- Design and implement application security architecture for AWS-hosted applications and services.

- Ensure secure-by-design initiatives across the SDLC, including threat modeling, risk assessments, and architecture reviews.

- Produce and review Architecture Decision Records (ADRs) to maintain robust documentation.

- Collaborate with software engineers, DevOps teams, security engineers, and cloud architects to align solutions with security best practices.

- Define and promote secure coding standards and security-focused CI/CD pipelines.

- Provide guidance on integrated security tools such as MAST, SAST, DAST, SCA, IaC scanning, and secret detection, tailored for cloud environments.

- Develop reusable security reference architectures and design patterns for AWS microservices, APIs, containers, and serverless workloads.

- Monitor and evaluate emerging AWS security features, providing recommendations for adoption.

- Support incident response and forensic investigations related to application-layer attacks.

- Guide remediation strategies for vulnerabilities and design flaws.

- Serve as a security SME in governance, audits, and compliance initiatives.

- Conduct architectural governance reviews, ensuring projects align with technical strategies, platform roadmaps, and enterprise standards.

- Drive detailed solution design and partner with stakeholders for implementation.

- Explore and pilot innovative security technologies, running PoCs to strengthen organizational security.

- Mentor and coach engineering colleagues on secure solution design, providing architectural advice and technical leadership.

- Participate in enterprise-wide architecture and engineering discussions, introducing new paradigms and solutions.

- Communicate security strategy and direction to senior leadership and executives.

Qualifications :

- 7+ years of experience in application security, software engineering, or security architecture roles.

- 3+ years of hands-on AWS experience with services such as IAM, KMS, CloudTrail, VPCs, CodePipeline, Terraform, etc.

- Deep understanding of AWS Compute, Storage, Networking, Data, and Security services.

- Strong expertise in SDLC security practices and cloud-native application patterns (microservices, containers, CI/CD).

- Experience implementing security controls in CI/CD pipelines (Jenkins, GitHub, GitHub Actions, etc.

- Proficiency in at least one programming language (e.g., Python, Java, Go, Node.js).

- Familiarity with OWASP Top 10, SANS CWE Top 25, and threat modeling methodologies (e.g., STRIDE).

- Strong communication skills with the ability to convey technical risks to executive stakeholders.

- At least one recognized security certification (e.g., GDSA, GCAD, GWAT, GWEB, GPEN, GCPN GXPN).

- Additional certifications are a plus : SABSA, TOGAF, AWS Certified Solutions Architect.

Preferred Skills

- Hands-on experience with IaC security (Terraform, CloudFormation).

- Exposure to container security (Docker, Kubernetes, EKS).

- Knowledge of DevSecOps practices, security automation, and monitoring tools.

- Familiarity with Splunk, DataDog, or other SIEM solutions for security monitoring.

- Experience working in regulated industries (finance, healthcare, etc.) with compliance frameworks (e.g., PCI DSS, ISO 27001, SOC2).