Associate Architect - Product Security

2 Days ago • 10 Years + • Product

Job Summary

Job Description

We are seeking an Associate Architect for Product Security to define and enforce secure coding standards and best practices. Responsibilities include threat modeling, security architecture reviews, code analysis, and designing/implementing secure CI/CD pipelines with integrated security controls. The role involves automating security testing (SAST, DAST, IAST, SCA, container scanning) within the SDLC, evaluating and integrating security tools, and leading DevSecOps programs. Additionally, you will build automation for efficiency, leverage ASPM, implement Infrastructure as Code (IaC) security and cloud-native security controls, monitor and respond to security incidents, and collaborate with development teams for vulnerability remediation. Training and awareness programs will be developed, and you will stay current with emerging threats and security technologies, ensuring compliance with industry standards like OWASP and NIST.
Must have:
  • 10+ years of experience in application security
  • 6+ years in Application security, preferably in fintech
  • Strong understanding of web, mobile, API, cloud architectures
  • Experience with code reviewing in Java, JavaScript, .Net, C#, Python, or IaC
  • Hands-on experience with SCA, SAST, DAST, IAST, SBOM, ASPM, Apigee, WAF
  • Deep understanding of DevSecOps practices and CI/CD automation
  • Knowledge of cloud platforms (AWS, Azure) and Kubernetes, Docker
  • Experience building security controls for NIST CSF and SSDF frameworks
  • Ability to identify and summarize operational procedures and write SOPs
  • Good understanding of full stack software development best practices
  • Ability to collaborate cross-functionally and communicate effectively
  • Certifications such as CSSLP, OSWE, or CEH
Good to have:
  • Experience supporting developer tools as a security professional (IDE integration, PR checks)
  • Performing risk-based security reviews meeting OWASP, SOC2, GDPR requirements
  • Providing security scan reports

Job Details

Description

  • Responsibilities

    • Define and enforce secure coding standards and best practices.
    • Perform threat modeling, security architecture reviews, and code analysis. 
    • Design and implement secure CI/CD pipelines with integrated security controls. 
    • Automate security testing (SAST, DAST, IAST, SCA, container scanning) in SDLC process. 
    • Evaluate and integrate security tools and platforms  
    • Lead DevSecOps program in collaboration with DevOps, Operations and Engineering teams 
    • Build automation focused on efficiency (E.g. increase triaging efficiency, manage false positives etc.) 
    • Leverage ASPM and build workflows and reports  
    • Evaluate and integrate security tools and platforms 
    • Implement Infrastructure as Code (IaC) security and cloud-native security controls. 
    • Monitor and respond to security incidents in development and production environments. 
    • Collaborate with development teams to remediate vulnerabilities and design secure applications. 
    • Develop and deliver secure coding training and awareness programs. 
    • Stay current with emerging threats, vulnerabilities, and security technologies. 
    • Ensure compliance with industry standards (e.g., OWASP, NIST etc).   
Requirements 
    • Overall 10+ years of experience in application security, software development, or related roles. 
    • 6+ years of work experience in Application security, preferably in a fintech or financial services domain  
    • Strong understanding of web, mobile, API and cloud application architectures. 
    • Experience of code reviewing or code contributing in Java, Java Script, .Net. C#, Python, or IaC scripting. 
    • Hands-on experiences running SCA, SAST, DAST, IAST, SBOM, ASPM, Apigee, WAF etc., with approaches or optimizations for the tools to efficiently enforce the enterprise S-SDLC policies. 
    • Deep understanding of DevSecOps practices and experience in CI/CD automation for  one of the popular platforms, such as Gitlab, GitHub or Azure DevOps. 
    • Knowledge of cloud platforms (AWS, Azure) and container orchestration (Kubernetes, Docker). 
    • Perspective of supporting developer tools as a security professional (E.g. integrating security tools with IDE, PR checks etc.) 
    • The experiences in building security controls for a system that follows NIST CSF and SSDF frameworks and  performing the risk-based security reviews that meet the OWASP, SOC2, GDPR requirements.  
    • Ability to identify and summarize practical operational procedures, write standards or SOPs, and provide security scan reports. 
    • A good understanding of full stack software development and best practices for developing software (version control, branching, automation, IaC, documentation, testing, etc.)  
    • Ability to collaborate cross-functionally and communicate effectively with highly technical teams and provide written assessment reports as needed. 
    • Certifications such as CSSLP, OSWE, or CEH. 
     

Similar Jobs

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

Similar Skill Jobs

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

Jobs in Thiruvananthapuram, Kerala, India

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

Product Jobs

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

About The Company

Berwyn, Pennsylvania, United States (Hybrid)

Denver, Colorado, United States (Hybrid)

Thiruvananthapuram, Kerala, India (On-Site)

Berwyn, Pennsylvania, United States (On-Site)

Raleigh, North Carolina, United States (Remote)

Thiruvananthapuram, Kerala, India (On-Site)

Thiruvananthapuram, Kerala, India (On-Site)

Raleigh, North Carolina, United States (Remote)

Thiruvananthapuram, Kerala, India (On-Site)

Thiruvananthapuram, Kerala, India (On-Site)

View All Jobs

Get notified when new jobs are added by Yodlee

Level Up Your Career in Game Development!

Transform Your Passion into Profession with Our Comprehensive Courses for Aspiring Game Developers.

Job Common Plug