Work in active partnership with development teams to identify and build solutions for securing code and implementing application vulnerability scanning and penetration testing, contributing documentation, developer guidance and training, and repositories with examples of best practices in secure architecture, design, and operational patterns and practices.
Perform risk-based, prioritized, and periodic reviews of application architecture to identify security gaps and generally help improve the security posture of business-critical multi-tier applications in legacy, hybrid cloud, and public cloud environments.
Work cross-organizationally with engineering (security champions, architects, and developers) and operations to assist in the identification, risk assessment, and remediation of security issues, and with Product Management to ensure security implementations are consistent with business objectives and customer requirements, ensuring alignment to SAS security standards, policies, and procedures and other global regulatory requirements.
Assist in the creation of dashboards and on-demand reporting of a product division’s security posture and make recommendations for improvements aligning to Secure by Default and Zero Trust principles.
Identify, train, and partner with divisional Security Champions in place with product architecture and engineering teams.
Help champions assess and gauge risk to identify security gaps or seams in the products and integrated solutions.
Collaborate with other teams within security to identify new tools and processes to integrate into the Secure SDLC.
Recommend and promote software security policies, standards, and procedures that can improve the global security posture of the company.
Ensure all applicable security policies and processes are followed to support the organization's secure software development goals.
Requirements
Bachelor's degree with major study in technical disciplines such as Electrical Engineering or Computer Science.
5+ years of secure software development, secure system architecture and design, or related experience.
Demonstrated knowledge in securing enterprise web applications and the supporting systems and services as detailed by OWASP Top 10 for Web, CVSS, CWE/CVE, etc., extending to the effective remediation of issues surfaced by relevant SAST and DAST scanners and tooling.
Demonstrated ability to provide guidance to development and hosting/operational teams on the effective remediation of issues surfaced by relevant SAST and DAST scanners and tooling, reported by customers, or findings from internal/external offensive security testing or compliance audits.
An equivalent combination of related education, training and experience may be considered in place of the above qualifications.
2+ years of experience in developing or adopting software security patterns and best practices.
Demonstrated knowledge of, and willingness to learn, security principles for Kubernetes, containers and micro-services, SaaS (public and private cloud deployments), ML, GenAI, and Agentic AI.
Experience with programming languages such as Java, C/C++, C#, Rust, Python, JavaScript, PHP, Golang, etc.
Benefits
Comprehensive medical, prescription, dental and vision plans.
Medical plan options include: PPO with low annual deductible and copays.
HDHP combined with a health savings account with a contribution from SAS (no access to on-site health care center).
Onsite Health Care Center (HQ) that’s free to employees and family members enrolled in the PPO plan.
There's a pharmacy too! Not local to HQ? The pharmacy will ship prescriptions for no additional charge!
An industry-leading 401k plan.
Tuition Assistance Program and programs and resources to support your development.
Generous time away including vacation time, a variety of paid holidays, and our much-loved U.S. Winter Wellness Break between December 25 and January 1.
Volunteer Time Off, parental leave and unlimited paid sick days.
Generous childcare benefits for all full-time employees.