Lead Enterprise AppSec Architect Job Southfield area,Michigan USA,IT/Tech

** _This position will follow our hybrid work model, we expect the selected candidate to be in office 10 days a month at one of the following office locations:
St. Petersburg, FL;
Memphis, TN, Southfield MI_*
* ** Responsibilities:*
* + Lead secure design reviews and threat modeling exercises for new applications, features, and architectural changes, ensuring adherence to industry standards, regulatory requirements, and organizational security policies.

+ Collaborate with development teams to identify and remediate vulnerabilities in application code and system designs, providing hands-on guidance and actionable recommendations.

+ Create and maintain secure reference architectures to serve as a foundation for implementing secure systems, applications, and solutions aligned with the organization's specific needs and technologies.

+ Act as a trusted advisor to development teams, integrating security considerations into the software development lifecycle and promoting secure coding practices.

+ Assess conformance with architectural standards, focusing on reducing technical debt and optimizing enterprise assets such as systems, services, and information.

+ Provide technical expertise on security matters, including encryption, identity and access management, and secure communication protocols.

+ Stay current with emerging security threats, trends, and best practices, applying relevant insights to enhance the organization's security posture.

+ Collaborate with cross-functional teams, including infrastructure, Dev Ops tooling, and compliance, to align security measures with organizational goals and ensure seamless integration.

+ Support security incident response efforts by contributing architectural expertise and defense-in-depth strategies as needed.

+ Perform other duties and responsibilities as assigned, including occasional non-standard shifts or on-call

*
* Skills:

*
* + 7+ years of experience in an application security engineering or architecture role, with a demonstrated focus on secure design reviews, threat modeling, and vulnerability management.

+ In-depth knowledge of web application security principles, secure coding practices, and addressing common vulnerabilities (e.g., OWASP Top 10).

+ Proficiency in designing secure architectures for on-premises and cloud (e.g. AWS, Azure) environments.

+ Strong understanding of OAuth, authentication, and authorization mechanisms, including multi-factor authentication, single sign-on, and emerging technologies like password-less authentication.

+ Experience in encryption technologies, such as certificate-based and token-based cryptography.

+ Familiarity with network protocols, topologies, incident response, and defense-in-depth strategies.

+ Understanding of SAST, DAST, and SCA scanning tool capabilities.

+ Experience integrating application security controls into automated CI/CD pipelines.

+ Exceptional communication skills, capable of bridging the gap between technical and business stakeholders.

+ Financial services experience is a plus but not required.

+ The ability to quickly acquire relevant business acumen is essential.