Application Security Architect
The Application Security Architect is a leadership role in Appian’s Engineering department responsible for the strategic, technical, and operational direction of the Engineering Security Office, a cross-functional team of product engineers serving as security subject matter experts for the whole department. The group establishes industry-leading security processes and practices at each phase of the software development lifecycle, provides guidance on application security design and architecture, coordinates the prioritization of critical security-related activities and organizes educational initiatives and materials.
- Lay out the security architecture and operational roadmap for the Appian platform and our Engineering organization
- Manage the Engineering Security Office, define security-related roles and responsibilities, identify staffing needs, and recruit to fill them
- Participate in strategic activities to evangelize security objectives and ensure their appropriate consideration in product and operational planning
- Research enterprise security and privacy standards and best-practices and ensure we apply them in our application security design and remediation processes, justifying departures and innovations to them where appropriate
- Participate in functional and technical initiation activities to incorporate effective threat modeling and security standards and best practices into product design
- Educate team members and all engineers on application security standards and best practices, establishing regular educational activities, recommending and attending appropriate training and conferences
- Assist in our vulnerability remediation efforts by establishing effective triaging of bug findings and security scans, coordinating engineering response and guiding teams through the implementation of fixes
- Develop processes and automation for security reviews and testing activities, and evaluate application security tools to improve our detection and prevention capabilities
- Provide regular updates to department and company leadership on our platform’s security posture. Ensure cross-department collaboration and coordination of security efforts.
- Represent us in interactions with external auditors and regulatory agencies who will review and validate our technology approaches and implementations
- In-depth experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.
- Detailed technical knowledge of techniques, standards and state-of-the art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation
- Solid knowledge of browser and mobile platforms security model, crypto, and network security. Familiarity with security tools such as static analysis, runtime analysis, black-box testing.
- Attacker mindset, and the passion to instill it into other engineers. Knowledgeable about tactics, techniques, and procedures used for software security exploitation. Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.
- Highly motivated, able to define a vision and lead its execution, driven to overcome obstacles. Excellent communication and executive presentation skills. Ability to clearly articulate specifications and best practices for application security.
Preferred Experience Level
B.S. / M.S. in Computer Science, Electrical Engineering or related experience. 5+ years work experience in an application security role, prior enterprise software engineering experience, strong understanding of software security architecture, cloud platforms, SDLC.
Back to top