Hatch Pros · 17 hours ago
Application Security Consultant (Architect and Engineer)
Hatch Pros is seeking a Senior Application Security Architect and Engineer responsible for designing, implementing, and overseeing enterprise-wide application security architecture and standards. The role involves establishing security frameworks, conducting architecture reviews, developing security baselines, and leading strategic security initiatives to enhance application security throughout the software development lifecycle.
Information Technology & Services
Responsibilities
Design and establish enterprise application security architecture frameworks and reference models aligned with business objectives and risk tolerance
Lead architecture reviews of applications and systems to identify security gaps and recommend appropriate controls
Develop and maintain security baselines, standards, and patterns for different technology stacks (web, mobile, API, microservices) and deployment models
Create and evolve threat modeling methodologies (STRIDE, PASTA, OCTAVE) and facilitate threat modeling sessions with development teams
Define secure coding standards and security requirements for different application types based on data classification and risk profile
Architect security solutions for authentication, authorization, encryption, and secure communication channels
Establish security guardrails for cloud-native applications, serverless architectures, and infrastructure-as-code implementations
Design and implement API security strategies including OAuth/OIDC flows, API gateways, and rate limiting
Integrate security architecture principles into CI/CD pipelines to support DevSecOps initiatives
Evaluate and recommend security tools and technologies for the enterprise security tech stack
Develop security architecture roadmaps and guide implementation of security capabilities
Partner with development teams to design secure solutions that balance security requirements with business needs
Lead strategic security initiatives with enterprise-wide impact
Leverage GenAI technologies to enhance security architecture reviews and automate security analysis
Maintain documentation of security architecture decisions, patterns, and reference implementations
Develop and deliver security architecture training to raise security awareness among developers and architects
Stay current with emerging security threats, technologies, and architectural approaches
Perform security design reviews for new applications and major changes to existing applications
Architect secure data handling practices including encryption at rest and in transit
Perform security assessments and manual penetration testing using tools such as Burp Suite and other proxy tools
Triage static (SAST), dynamic (DAST), and interactive (IAST) analysis results to identify, prioritize, and remediate security vulnerabilities
Integrate security practices into the CI/CD pipeline to support DevSecOps initiatives
Maintain documentation of security findings, remediation plans, and compliance requirements
Develop and interpret security policies and procedures
Participate in security compliance efforts
Develop and deliver training materials and perform general security awareness and specific security technology training
Evaluate and recommend new and emerging security products and technologies
Leverage GenAI technologies to scale application security reviews and automate code analysis
Evaluate various application security tools/capabilities, i.e., SAST, DAST, IaC, and secrets detection tools
Stay current with emerging security threats and countermeasures
Ability to train or explain the common security issues to raise the security awareness among developers and assurance engineers
Perform AWS configuration reviews
Qualification
Required
Bachelor's degree in Computer Science, Information Security, or related technical field required
5+ years of experience in application security, with at least 2 years in security architecture roles
Deep knowledge of secure design principles, threat modeling methodologies, and security patterns
Experience designing security controls for cloud environments (AWS, Azure, GCP)
Proficiency in evaluating and implementing application security tools (SAST, DAST, IAST, SCA)
Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP, and other proxy tools
Experience with secure software development practices and DevSecOps implementation
Strong understanding of OWASP Top 10, SANS CWE, and other security standards
Knowledge of secure authentication mechanisms (MFA, SSO, OAuth 2.0, SAML, OIDC)
Experience with secure API design and implementation of API security controls
Knowledge of regulatory requirements (PCI-DSS, GDPR, SOX, etc.) and their architectural implications
Experience with containerization, microservices, and API security
Proficiency in one or more programming languages (Java, Python, JavaScript preferred)
Experience with secure code review techniques and identifying common vulnerability patterns
Knowledge of cryptographic protocols and implementations
Experience with security requirements for modern application architectures (SPA, serverless, etc.)
Excellent communication skills with ability to translate complex security concepts to technical and non-technical audiences
Experience leading cross-functional security initiatives and influencing stakeholders
Bachelor's degree in a technical field such as computer science, computer engineering or related field required
5+ years of experience required in cybersecurity and application security
Familiarity with SAST, DAST, IAST tools
Understanding of AWS is required
Deep understanding of OWASP top issues and remediation guidelines
Proficiency in one or more programming languages (Java, Python, JavaScript preferred)
Understanding of CI/CD tools such as Jenkins and GitLab
Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security
Consistent implementation of security solutions
Experience in infrastructure or application-level vulnerability testing and auditing
Preferred
Certifications like GWAPT, OSWE, Burp Suite Certified Practitioner
Certifications such as CSSLP, CISSP, AWS Security Specialty are highly desirable
Familiarity with GenAI tools is a plus
A software development background is a plus
Company
Hatch Pros
At Hatch Pros, we provide a unique blend of IT solutions and staffing services to businesses all across the USA.
Funding
Current Stage
Growth Stage