Application Security Architect

Do you love diving deep into complex systems? Are you passionate about helping engineering teams ship secure, high‑quality software? Do you get energy from solving practical security problems at scale and partnering closely with developers, architects, and product teams?

If so, we’d love to talk to you.  is looking for an Application Security Architect to join our growing security organization—initially as the primary owner of application security, with the opportunity to help shape and potentially build the App Sec function over time. You’ll play a hands‑on, influential role in shaping how we build secure software across a diverse ecosystem—including mobile apps, cloud services, on‑prem systems, IoT devices, and emerging AI‑powered features.

You’ll collaborate with engineers across the company, participate in design reviews, lead threat modeling, and help teams adopt secure development practices that keep our customers and partners safe.

offers an environment where you can meaningfully impact both technology and culture. You’ll work with smart, friendly engineers, cutting‑edge products, and a platform that spans everything from home automation to large‑scale data processing. If you enjoy a blend of deep technical work, cross‑team partnership, and practical security engineering, this could be the perfect place to grow your career.

• Vulnerability Management: Triage and track inbound findings from SAST, DAST, IAST, SCA tools, and external sources (bug bounty, penetration tests). Maintain strong awareness of vulnerability trends and exploitability. Prioritize remediation using a risk-based approach, partnering directly with engineering teams.
• Secure SDLC Integration: Partner with engineering and platform leadership to embed security practices throughout the development lifecycle. Influence and evolve the App Sec tooling and automation roadmap—including emerging AI‑assisted capabilities—through prototyping, evaluation, and feedback.
• Threat Modeling & Design Reviews: Lead threat modeling and participate in feature‑team design reviews to ensure security best practices are applied across new features and architectural changes. Collaborate early with engineers, architects, and tech leads during design sessions to identify risks, guide secure design decisions, and embed security into system architecture.
• Code & Application Reviews:
  Perform deep, targeted reviews of high‑risk code paths, APIs, authentication/authorization flows, and sensitive components. Coordinate with Penetration Testers, Red Teams, and Compliance teams to ensure holistic coverage.
• AI & LLM Security: Partner with teams adopting AI and LLM‑based systems—both internal tooling and production features—to ensure secure design, model and data protection, prompt/input validation, and safe integration patterns. Assess and mitigate risks related to data leakage, model behavior, supply chain concerns, and emerging AI security threats.
• Automation & Tooling: Build and maintain security automation integrated into CI/CD pipelines. Automate detection, validation, and developer‑friendly remediation workflows to improve signal quality and reduce friction.
• Developer Guidance & Training: Serve as a domain expert and partner to engineering teams. Deliver workshops, provide secure coding guidance, and help teams adopt effective security controls and testing practices.
• Cloud Application Security: Advise on application‑layer security in cloud‑native environments, including identity, secrets management, network exposure, and service‑to‑service authentication.
• IoT Device & Platform Security: Provide security guidance for IoT devices and platform components, including OSS dependency risk analysis and security considerations for legacy or constrained devices.
• Security Policy & Compliance: Translate policy and compliance requirements into practical guidance for developers. Contribute to policy evolution and support audit activities as needed.
• Incident Response: Collaborate with Info Sec during security incidents and investigations. Maintain and evolve runbooks and contribute to post‑incident reviews to drive systemic improvements.