×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Systems Engineer

Application Security Architect

Job in New York, New York County, New York, 10261, USA
Listing for: ACLU
Full Time position
Listed on 2025-10-30
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
Salary/Wage Range or Industry Benchmark: 125000 - 150000 USD Yearly USD 125000.00 150000.00 YEAR
Job Description & How to Apply Below
Location: New York

About The Job

The ACLU seeks applicants for the full‑time position of Application Security Architect in the Information Security Department of the ACLU’s National office in New York, NY.

This hybrid role requires in‑office presence two (2) days per week or eight (8) days per month.

The Application Security Architect will define how secure applications are designed, integrated, and maintained across the ACLU’s cloud, SaaS, and hybrid environments. You’ll lead efforts to embed security throughout the software development lifecycle (SDLC), own our internal Security Architecture Review (SAR) process, and guide secure integration practices for highly customized platforms and third‑party applications critical to our civil liberties mission.

The role collaborates closely with product, platform, engineering, Dev Ops, IT, and affiliates to assess and mitigate risks associated with application design, data flows, integrations, and third‑party software usage. You’ll help set and enforce security standards, perform hands‑on threat modeling, define secure development and deployment patterns, and directly support high‑impact systems involving donor data, legal case workflows, and internal operational apps.

This hands‑on technical leadership role will own and drive the ACLU’s application security efforts across both internally developed and externally adopted applications.

Position is part of a collective bargaining unit represented by ACLU Staff United (ASU).

What You’ll Do

Reporting to the Director, Security Architecture & Engineering, the Application Security Architect will define and drive the ACLU’s application security roadmap from code to cloud and everything in between.

YOUR DAY TO DAY
  • Lead the ACLU’s Application Security Program, owning the Info Sec SDLC strategy and continuous improvement of application‑layer security across cross‑functional teams.
  • Own the Security Architecture Review (SAR) process, including intake, risk evaluation, documentation, and partner engagement.
  • Perform and guide threat modeling for new applications, integrations, and high‑risk workflows—including financial systems, legal platforms, and supporter/donor tools.
  • Define secure design patterns for authentication (OAuth/OIDC), secrets management, API authorization, session handling, and data flow protections across internal and third‑party systems.
  • Evaluate, deploy, and maintain App Sec tooling such as SAST, DAST, SCA, API security tools, and secrets detection platforms, based on risk and developer stack alignment.
  • Partner with stakeholders to assess internal cloud apps, low‑code tools, and internal workflow automations for security risks.
  • Oversee application‑layer vulnerability triage, analysis, and escalation—including issues from internal testing, coordinated disclosure, and external penetration testing.
  • Collaborate with platform owners of high‑risk SaaS platforms to validate that application‑level security controls—auth

    Z, audit logging, IP allow lists, token lifetimes, etc.—are in place and enforced.
  • Ensure application‑layer security extends across data ecosystems, including ETL and reverse ETL pipelines, data warehouse platforms (e.g., Redshift, Snowflake), and high‑risk integrations that move or transform sensitive donor, legal, or supporter data between internal systems and external SaaS tools.
  • Identify and reduce emerging application‑layer risks related to AI adoption, including prompt injection, model abuse, insecure integrations with LLM APIs, and exposure of sensitive data through AI‑powered features or automations.
FUTURE ACLU'ERS WILL
  • Be committed to advancing the mission of the ACLU.
  • Center and embed the principles of equity, inclusion and belonging in their work by demonstrating commitment to diversity with an approach that respects and values multiple perspectives.
  • Be committed to work collaboratively and respectfully toward resolving obstacles and conflicts.
What You’ll Bring
  • Extensive experience in application or product security, secure software development, or Dev Sec Ops  architecture.
  • Practical experience designing and implementing secure SDLC, App Sec testing workflows, or automated CI/CD security gates.
  • Deep understanding of…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search