Application Security Architect (m/f/d)
Aschaffenburg / Berlin / Aachen / Düsseldorf (Hybrid Option Available)
Full-time
About the Role:
We are seeking a passionate and skilled Application Security Architect to strengthen the security of critical software solutions deployed across KRITIS (critical infrastructure) sectors. This role focuses on embedding security at every stage of the software development lifecycle, from initial design through continuous deployment. You will work hands-on to develop secure architectures, lead threat modeling efforts, and promote secure coding best practices across multiple teams.
This is an exciting opportunity for someone who thrives on designing innovative security strategies, collaborating cross-functionally, and enabling secure, scalable software solutions for both on-premises and cloud environments.
Key Responsibilities:
• Define and implement application security strategies, processes, and controls.
• Design and integrate a Secure Software Development Lifecycle (Secure SDLC) tailored to agile development environments.
• Select, implement, and manage Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools.
• Lead threat modeling activities using industry-recognized frameworks (e.g., STRIDE, PASTA) and work closely with security leadership.
• Coordinate application security testing efforts across products and platforms.
• Embed security into CI/CD pipelines, development workflows, and infrastructure practices.
• Manage application vulnerabilities, oversee patch management processes, and ensure that a Software Bill of Materials (SBOM) is produced and kept current for each product.
• Ensure proper license and compliance management for open-source software components.
• Educate and mentor development teams on secure coding principles and security-first thinking.
• Architect secure solutions that align with both organizational goals and regulatory requirements.
• Communicate security risks, recommendations, and strategies effectively to both technical and non-technical audiences, including senior leadership.
• Stay current with evolving threats, technologies, and security best practices to continually enhance security posture.
Skills & Qualifications:
• Strong understanding of web application vulnerabilities (e.g., OWASP Top 10) and mitigation techniques.
• Proven experience in secure coding practices and modern development methodologies.
• Hands-on experience with cloud platforms and containerized environments (e.g., Docker, Kubernetes).
• Familiarity with security standards and frameworks (e.g., NIST CSF, OWASP ASVS).
• Industry certifications such as CISSP, CSSLP, or equivalent are a plus.
• High level of motivation, curiosity, and a proactive approach to problem-solving.
• Excellent analytical thinking, with an ability to quickly grasp complex technical concepts.
• Strong communication skills, with the ability to convey technical details clearly and concisely across diverse audiences.
• Team-oriented mindset with the drive to promote collaboration, innovation, and knowledge sharing.
• Comfort working in fast-paced, agile, and lean environments.