Staff Application Security Architect

Rocket Mortgage


Job Location:

Seattle, OR - USA

Monthly Salary: Not Disclosed
Posted on: 12 hours ago
Vacancies: 1 Vacancy

Job Summary

As the Senior Application Security Architect you work strategically with engineering and product teams to enable the delivery of secure application patterns and software solutions. You design standard security requirements for how applications should be built deployed and maintained ensuring security is baked into the software development lifecycle from the start. You also build and mature team processes that empower development teams to own their softwares security posture while mentoring internal security team members.

About therole

  • Perform Security Reviews of applications throughout the SDLC including at the design and implementation phases through formal threat modeling and source code reviews focusing on designing secure applications from the start and ensuring secure design principles are correctly implemented.

  • Help to set strategic direction for application security initiatives shift-left processes and secure coding standards across the enterprise with a focus on treating security as quality.

  • Build relationships and collaborate with software engineering product and architecture teams to ensure alignment of company vision and secure coding goals.

  • Continually identify opportunities for improvement within software delivery pipelines and work with engineering leadership to implement automated security guardrails and remediations.

  • Collaborate with business product owners architecture and information security teams to enable the delivery of secure software patterns that support business velocity

  • Coordinate and drive initiatives for AppSec engineers to build execute and scale application security strategies.

  • Help to build processes that test the compliance and effectiveness of software security requirements through automated guardrails and continuous security testing.

  • Influence decision-makers in the areas of secure application architecture API design authentication/authorization controls and modern cloud deployment.

  • Create and evangelize application security policy sets and secure design patterns to be used throughout the company that balance velocity and external compliance requirements.

  • Work directly with development and audit teams to help align security architectures against upcoming compliance regulatory (e.g. SSDF Executive Orders on Cybersecurity) and contractual landscapes.

  • Mentor software engineers and information security team members on threat modeling secure code design and modern vulnerability remediation techniques.

Aboutyou

Minimum Qualifications

  • 10 years of experience in an information security application development with a secure coding background or software engineering role with a focus on secure code & design principles OR bachelors degree in computer science information security or a related field and 5 years of experience.

  • Proven experience performing architectural threat modeling on complex systems and applications using formal frameworks (e.g. STRIDE DREAD PASTA)

  • Strong ability to read write and audit code for security vulnerabilities with the ability to provide engineering teams with precise actionable remediation guidance

  • Deep technical familiarity with Java ecosystem (strongly preferred) as well as .NET and/or Python

  • Proficiency in at least one scripting language (e.g. PowerShell Bash Python) for automation and custom tooling

  • Demonstrated aptitude for leveraging AI-assisted engineering tools to drive operational efficiency balanced with the critical thinking required to identify validate and correct AI inaccuracies or hallucinations

  • Practical experience or working knowledge of the following:

    • Secure SDLC frameworks

    • DevSecOps pipeline integration (CI/CD)

    • SAST /DAST/SCA/Secret Scanning tooling

    • Identity and access management (OAuth 2.0 OIDC SAML)

    • Container security (Docker Kubernetes)

    • OWASP Top 10 / ASVS mappings

    • Familiarity with the MITRE ATT&CK Framework

  • Strong knowledge of fundamental InfoSec concepts such as least privilege zero trust architectures secure input validation layered security secure defaults etc.

  • Deep understanding of modern enterprise security risks such as software supply chain Security securing & hardening development environments and identifying and mitigating risk at scale.

Preferred Qualifications

  • Masters degree in computer science information security or a related field

  • Advanced expertise in architectural threat modeling and building automated threat modeling capabilities into developer workflows

  • OSCP OSWE GWAPT CISSP CCSP or other relevant security certifications

  • Hands-on experience scaling AppSec programs across large engineering organizations including integrating secure solutions across an organizations SDLC and/or experience administering a developer security champion program

  • Strong technical experience with Java

Whatyoullget

Our team members fuel our strategyinnovationand growth so we ensure the health and well-being of not just you but your family too! We goabove and beyondto give you the support you need on an individual level and offer all sorts of ways to help you live your best life. We are proud to offer eligible team members perks and health benefits that will help you have peace of mind. Simply put:Wevegot your back. Check out our full list ofBenefits and Perks.

On-Call Expectations
This role may include participation in an on-call rotation to support production systems and ensure service reliability. On-call responsibilities may include coverage during nights and weekends. If applicable frequency and scheduling will bedeterminedby team needs and communicated accordingly.

Aboutus

Rocketis a Detroit-based company made up of businesses that provide simplefastand trusted digital solutions for complex transactions. The name comes from our flagship business now known as Rocket Mortgage which was founded in 1985. Todaywerea publicly traded company involved in many different industries including mortgages fintech realestateand more.Wereinsistently different in how we look at the world and are committed to an inclusive workplace where every voice is heard.Apply today to join a team that offers career growth amazingbenefitsand the chance to work with leading industry professionals.

This job description is an outline of the primary responsibilities of this position and may bemodifiedat the discretion of thecompany at any time. Decisions related to employment are not based on race color religion national origin sex physical or mental disability sexual orientation gender identity or expression age military or veteran status or any other characteristic protected by state or federal law. Thecompany provides reasonableaccommodationsto qualified individuals with disabilitiesin accordance withapplicable state and federal laws. Applicantsrequiringreasonable accommodations in completing the application and/orparticipatingin the application process should contact a member of the Human Resources team at.

The compensation information below is provided in compliance with all applicable job posting disclosure requirements. The compensation for this position is$149000.00$318000.00.The position may also be eligible for an annual bonus incentives and other employment-related benefits including but not limited to medical dental and vision benefits 401K retirement plan and paid-time off. More informationregardingthese benefits and others can be foundhere. The informationregardingcompensation and other benefits included in this paragraph is the companys current good faithestimateat the time of posting. Compensation and benefits are subject to modification from time to time as the Company in its sole and exclusive discretiondeemsappropriate. The Company maydetermineduring its future reviews of the proposed compensation and benefits provided for this position that the compensation and benefits for suchpositionshould be no event will the Company reduce the compensation for the position to a level below the applicable jurisdictional minimum wage rate for the position. Los Angeles County and San Francisco Candidates only: qualified applicants with arrest or conviction records will be considered for employment per the Fair Chance Ordinance and the Fair Chance Initiative for Hiring.


Required Experience:

Staff IC

As the Senior Application Security Architect you work strategically with engineering and product teams to enable the delivery of secure application patterns and software solutions. You design standard security requirements for how applications should be built deployed and maintained ensuring securit...

About Company

Company Logo

The future of fintech is today. Join our team and explore the infinite possibilities of Rocket.

View Profile View Profile