Application Security Architect
1 week ago
Job Summary: 7-Eleven InfoSec is seeking a technically proficient Application Security Architect to lead and enhance the security posture of its applications and products. This role involves designing and implementing security solutions across modern application architectures, including Web application, APIs, microservices, and cloud-native platforms. The ideal candidate will be responsible for performing detailed threat modeling, securing API and microservice communications, and integrating security practices across the software development lifecycle (SDLC). Drive and maintain security throughout the entire Software Development Life Cycle.
Key Responsibilities:
API Security Design and Implementation:
- Design and implement secure API architectures by incorporating authentication, authorization (OAuth 2.0, JWT, etc.), and encryption mechanisms.
- Enforce API security best practices including rate limiting, input validation, logging, and auditing.
- Secure external API integrations and manage API gateways for secure traffic management.
- Thorough understanding of OWASP top 10 API Risks and OWASP REST API Cheat sheet. Identify common proactive controls for applications (e.g., Open Web Application Security Project (OWASP))
- Good understanding of OAuth2.0 & OIDC standards
- Expertise in designing security for APIs architecture styles (like REST, Webhooks, WebSocket, GraphQL, gRPC, MQTT) and microservices architectures in cloud-native environments (AWS, Azure, GCP, OCI).
Microservices Security Architecture:
- Architect and implement secure microservices that utilize containerization (e.g., Docker) and orchestration (e.g., Kubernetes) with a focus on service-to-service authentication, service mesh security, and east-west traffic protection.
- Apply Zero Trust principles to microservices, ensuring network segmentation, secure communication (mTLS), and secret management (e.g., HashiCorp Vault).
Threat Modeling and Risk Assessments:
- Perform threat modelling (e.g., STRIDE, PASTA) for critical applications to identify vulnerabilities and recommend appropriate security controls.
- Conduct architectural risk assessments on new and existing systems to identify and prioritize risks, integrating security by design.
- Utilize any static tools such as OWASP Threat Dragon or Microsoft Threat Modeling Tool or any other automated Threat Modeling tools for systematic risk analysis and mitigation strategies.
- Having clear understanding of risk factors, risk related concepts and risk assessment.
Secure Software Development:
- Champion Secure Development Lifecycles (SDLC), ensuring security is embedded in every stage from design to deployment. Drive and maintain security throughout the entire Software Development Life Cycle.
- Integrate Software Development Life Cycle (SDLC) with application security architecture (e.g., Requirements Traceability Matrix (RTM), security architecture documentation, secure coding)
- Define and enforce secure coding standards (e.g., OWASP Top 10, SANS Top 25, OWASP Cheat Sheet series) across development teams.
- Integrate security automation in the CI/CD pipelines, leveraging tools for Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
- Depending on the area of work, perform evaluation and selection of the components, design of hardware, software, process and service components of the solution, assurance of deployment architectures, and guide secure engineering practices in development.
Cloud and Container Security:
- Determine application security capability requirements and strategy (e.g., open source, Cloud Service Providers (CSP), Software as a Service (SaaS)/Infrastructure as a Service (IaaS)/ Platform as a Service (PaaS) environments)
- Able to assess cloud-native application architectures with a focus on security
- Design and implement security controls for cloud-native applications using secure deployment frameworks such as Infrastructure as Code (IaC), ensuring proper configuration of AWS, Azure, or GCP environments.
- Deep expertise either with AWS or Microsoft Azure security. Cloud security compliance, cloud data security, cloud threat and incident management, WAF, VPC Security controls, Security log management
- Design and develop security architectures for cloud and cloud/hybrid-based systems.
- Exposure to Kubernetes, container security, network security, virtualization
Identity and Access Management (IAM):
- Detailed technical knowledge of techniques, standards and for authentication / authorization / identity-management (SSO/OAuth/OpenID/RBAC/ABAC etc)
- Ensure multi-factor authentication (MFA) and role-based access control (RBAC) are applied to sensitive components and APIs.
Third-Party and Supply Chain Security:
- Assess and secure the software supply chain by conducting third-party security assessments on libraries, frameworks, and external services used in the application ecosystem.
- Implement processes for verifying Software Bill of Materials (SBOM) and ensure secure use of open-source components through regular security patching and auditing.
Qualifications:
- Post graduate or Graduate in computer science, Information Security, or a related field.
- A minimum of 10+ years of experience in application security architecture and secure software development.
- Knowledge of security standards such as OWASP Top 10 (Web, API, CI/CD), NIST CSF 2.0, NIST (SP800-218, SP800-37, SP800-53r5, SP800-161), ISO, SOC 2, GDPR, and PCI DSS, CIS Controls.
- Relevant cybersecurity certifications such as CSSLP, CISSP, CCSP, or AWS Certified Security - Specialty and other similar cloud security certifications are a plus
-
Digital Security Architect
2 weeks ago
Bengaluru, Karnataka, India RSA Security Full timeJob SummaryWe are seeking a seasoned Digital Security Architect to join our team at RSA Security. As a key member of our security team, you will be responsible for designing and implementing secure software and product lifecycle management solutions.About the RoleThis is an exciting opportunity for a highly skilled professional with experience in penetration...
-
Cloud Security Architect Lead
2 weeks ago
Bengaluru, Karnataka, India Oleria Security Full timeAbout Oleria SecurityOleria Security is a leading cybersecurity startup revolutionizing access control solutions for enterprise cloud applications. With over $43M in funding, we're on a mission to reduce the opportunity and scope of data breaches.Our VisionWe envision a world where identity-based attacks are a thing of the past. Our cutting-edge technology...
-
Application Security Architect
1 week ago
Bengaluru, India 7-Eleven Global Solution Center – India Full timeJob Summary: 7-Eleven InfoSec is seeking a technically proficient Application Security Architect to lead and enhance the security posture of its applications and products. This role involves designing and implementing security solutions across modern application architectures, including Web application, APIs, microservices, and cloud-native platforms. The...
-
Application Security Architect
1 week ago
Bengaluru, India 7-Eleven Global Solution Center – India Full timeJob Summary: 7-Eleven InfoSec is seeking a technically proficient Application Security Architect to lead and enhance the security posture of its applications and products. This role involves designing and implementing security solutions across modern application architectures, including Web application, APIs, microservices, and cloud-native platforms. The...
-
RSA - Application Security Engineer
3 months ago
Bengaluru, India RSA Security Full timeRSA - Application Security Engineer (Location: Hybrid/ Remote India) RSA offers mission-driven security solutions that provide organizations with a unified approach to managing digital risk that hinges on integrated visibility, automated insights and coordinated actions. RSA solutions are designed to effectively detect and respond to advanced...
-
Principal software engineer
20 hours ago
Bengaluru, India System Two Security Full timeDescriptionAs a Principal Software Engineer at System Two Security, you will play a crucial role in developing and maintaining the software stack that powers our innovative AI-driven cybersecurity solutions. This senior position demands a blend of advanced back-end skills, with a focus on creating seamless, efficient, and scalable applications. Additionally,...
-
Application Security Architect
1 week ago
Bengaluru, India 7-Eleven Global Solution Center – India Full timeJob Summary:7-Eleven InfoSec is seeking a technically proficient Application Security Architect to lead and enhance the security posture of its applications and products. This role involves designing and implementing security solutions across modern application architectures, including Web application, APIs, microservices, and cloud-native platforms. The...
-
Cybersecurity Architect Application Security
4 months ago
Bengaluru, India NETSACH GLOBAL Full timeGreetings from Netsach - A Cyber Security Company.Job Summary: We are looking for Cybersecurity Architect with strong Application Security experience, Cybersecurity (CISM or CISSP preferred), Experience with AI / ML /IoT & 2g /3g/4g/5g experience and DevOps. Cybersecurity Architect with Application Security experience. Job Title: Cybersecurity Architect...
-
Bengaluru, India System Two Security Full timeDescriptionAs a Principal Software Engineer at System Two Security, you will play a crucial role in developing and maintaining the software stack that powers our innovative AI-driven cybersecurity solutions. This senior position demands a blend of advanced back-end skills, with a focus on creating seamless, efficient, and scalable applications. Additionally,...
-
Secure Application Architect III
2 weeks ago
Bengaluru, Karnataka, India AMEX Full timeTransforming Home ShoppingWayfair, one of the world's largest online destinations for home goods, is seeking an experienced Secure Application Architect III to join their Application Security Team. In this role, you will be responsible for safeguarding the security of development and custom products, engaging with hundreds of developers to review and improve...
-
Cybersecurity Architect
3 weeks ago
Bengaluru, Karnataka, India NETSACH GLOBAL Full timeCybersecurity Architect - Application Security ExpertWe are seeking a highly skilled Cybersecurity Architect with strong expertise in Application Security to join our team at Netsach Global.Estimated Salary: ₹1200000 - ₹1800000 per annum.About the Role:Develop and implement secure software development lifecycles (SSDLC) to ensure robust application...
-
Principal Software Engineer
3 days ago
Bengaluru, India System Two Security Full timeDescription As a Principal Software Engineer at System Two Security, you will play a crucial role in developing and maintaining the software stack that powers our innovative AI-driven cybersecurity solutions. This senior position demands a blend of advanced back-end skills, with a focus on creating seamless, efficient, and scalable applications....
-
Principal Software Engineer
24 hours ago
Bengaluru, India System Two Security Full timeDescription As a Principal Software Engineer at System Two Security, you will play a crucial role in developing and maintaining the software stack that powers our innovative AI-driven cybersecurity solutions. This senior position demands a blend of advanced back-end skills, with a focus on creating seamless, efficient, and scalable applications....
-
Principal Software Engineer
2 days ago
Bengaluru, India System Two Security Full timeDescription As a Principal Software Engineer at System Two Security, you will play a crucial role in developing and maintaining the software stack that powers our innovative AI-driven cybersecurity solutions. This senior position demands a blend of advanced back-end skills, with a focus on creating seamless, efficient, and scalable applications....
-
Application Security Architect
3 months ago
Bengaluru, Karnataka, India Mitel Full timeAt Mitel, you will have the opportunity to help businesses connect, collaborate and provide better experiences for our customers. You will deliver valuable contributions in creating business success within our global organization utilizing your unique attributes, skills and experience. Overview: Mitel is looking for an experienced Application Security...
-
Security architect
1 week ago
Bengaluru, India Tata Consultancy Services Full timeGreetings from TCS!Job Title: Security ArchitectRequired Skillset:We are seeking a motivated Security Architect/Lead with ITIL experience and AWS knowledge to join our team. The Security Architect/Lead will be responsible for designing and implementing security controls for our organization, using their in-depth knowledge of SIEM tools, ITIL and AWS...
-
Enterprise Cloud Security Architect
1 week ago
Bengaluru, Karnataka, India Oleria Security Full timeAbout UsOleria Security is a leading enterprise cybersecurity startup revolutionizing access control solutions for cloud applications. Founded by industry pioneers, we've received over $43M in funding from top investors and have a mission to reduce data breaches.
-
Security Architect
1 week ago
Bengaluru, India Tata Consultancy Services Full timeGreetings from TCS!Job Title: Security ArchitectRequired Skillset:We are seeking a motivated Security Architect/Lead with ITIL experience and AWS knowledge to join our team. The Security Architect/Lead will be responsible for designing and implementing security controls for our organization, using their in-depth knowledge of SIEM tools, ITIL and AWS...
-
Security Architect
1 week ago
Bengaluru, India Tata Consultancy Services Full timeGreetings from TCS! Job Title: Security Architect Required Skillset: We are seeking a motivated Security Architect/Lead with ITIL experience and AWS knowledge to join our team. The Security Architect/Lead will be responsible for designing and implementing security controls for our organization, using their in-depth knowledge of SIEM tools, ITIL and AWS...
-
Security Architect
1 week ago
Bengaluru, India Tata Consultancy Services Full timeGreetings from TCS!Job Title: Security ArchitectRequired Skillset:We are seeking a motivated Security Architect/Lead with ITIL experience and AWS knowledge to join our team. The Security Architect/Lead will be responsible for designing and implementing security controls for our organization, using their in-depth knowledge of SIEM tools, ITIL and AWS...