Sr. Security Application Architect

Software Guidance & Assistance, Inc., (SGA), is searching for an Sr. Application Security Architect for a Contract assignment with one of our premier Regulatory clients in New York, NY, Tysons, VA, Woodbridge, NJ or Rockville, MDThe Senior Application Security Architect is responsible for designing, implementing, and overseeing enterprise-wide application security architecture and standards. This role focuses on establishing security frameworks, conducting architecture reviews, developing security baselines, and leading strategic security initiatives that have broad impact across the organization. The position requires a blend of technical expertise, architectural thinking, and leadership to embed security throughout the software development lifecycle. We are looking for a versatile resource who can handle multiple tasks at the same time and have great attitude.Job Responsibilities:Design and establish enterprise application security architecture frameworks and reference models aligned with business objectives and risk toleranceLead architecture reviews of applications and systems to identify security gaps and recommend appropriate controlsDevelop and maintain security baselines, standards, and patterns for different technology stacks (web, mobile, API, microservices) and deployment modelsCreate and evolve threat modeling methodologies (STRIDE, PASTA, OCTAVE) and facilitate threat modeling sessions with development teamsDefine secure coding standards and security requirements for different application types based on data classification and risk profileArchitect security solutions for authentication, authorization, encryption, and secure communication channelsEstablish security guardrails for cloud-native applications, serverless architectures, and infrastructure-as-code implementationsDesign and implement API security strategies including OAuth/OIDC flows, API gateways, and rate limitingIntegrate security architecture principles into CI/CD pipelines to support DevSecOps initiativesEvaluate and recommend security tools and technologies for the enterprise security tech stackDevelop security architecture roadmaps and guide implementation of security capabilitiesPartner with development teams to design secure solutions that balance security requirements with business needsLead strategic security initiatives with enterprise-wide impactLeverage GenAI technologies to enhance security architecture reviews and automate security analysisMaintain documentation of security architecture decisions, patterns, and reference implementationsDevelop and deliver security architecture training to raise security awareness among developers and architectsStay current with emerging security threats, technologies, and architectural approachesPerform security design reviews for new applications and major changes to existing applicationsArchitect secure data handling practices including encryption at rest and in transitQualifications:Bachelor's degree in Computer Science, Information Security, or related technical field required5+ years of experience in application security, with at least 2 years in security architecture rolesDeep knowledge of secure design principles, threat modeling methodologies, and security patternsExperience designing security controls for cloud environments (AWS, Azure, GCP)Proficiency in evaluating and implementing application security tools (SAST, DAST, IAST, SCA)Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP, and other proxy toolsExperience with secure software development practices and DevSecOps implementationStrong understanding of OWASP Top 10, SANS CWE, and other security standardsKnowledge of secure authentication mechanisms (MFA, SSO, OAuth 2.0, SAML, OIDC)Experience with secure API design and implementation of API security controlsKnowledge of regulatory requirements (PCI-DSS, GDPR, SOX, etc.) and their architectural implicationsExperience with containerization, microservices, and API securityProficiency in one or more programming languages (Java, Python, JavaScript preferred)Experience with secure code review techniques and identifying common vulnerability patternsKnowledge of cryptographic protocols and implementationsExperience with security requirements for modern application architectures (SPA, serverless, etc.)Excellent communication skills with ability to translate complex security concepts to technical and non-technical audiencesExperience leading cross-functional security initiatives and influencing stakeholdersCertifications such as CSSLP, CISSP, AWS Security Specialty are highly desirableThis position requires a strategic thinker who can balance security requirements with business objectives while driving the organization toward a more secure application ecosystem.SGA is a technology and resource solutions provider driven to stand out. We are a women-owned business. Our mission: to solve big IT problems with a more personal, boutique approach. Each year, we match consultants like you to more than 1,000 engagements. When we say let's work better together, we mean it. You'll join a diverse team built on these core values: customer service, employee development, and quality and integrity in everything we do. Be yourself, love what you do and find your passion at work. Please find us at https://sgainc.com/ .SGA is an Equal Opportunity Employer and does not discriminate on the basis of Race, Color, Sex, Sexual Orientation, Gender Identity, Religion, National Origin, Disability, Veteran Status, Age, Marital Status, Pregnancy, Genetic Information, or Other Legally Protected Status. We are committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, and our services, programs, and activities. Please visit our company EEO page to request an accommodation or assistance regarding our policy.