Application Security Architect (Santa Monica, CA)


The Application Security Architect position is a hands-on role that involves evaluating and enforcing application security in all phases of the Software Development Life Cycle (SDLC). This position will work closely with our engineering teams to define the application security standards, perform software architecture design reviews and threat modeling, conduct white box security testing, and support the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms.



In this role you will...

  • Participate in architecture design reviews with senior engineering and product management staff to incorporate effective threat modeling and security standards into product design
  • Participate in strategic activities to evangelize security objectives and ensure their appropriate consideration in product and operational planning across all teams
  • Educate team members and all engineers on application secure coding standards and best practices, establish regular educational activities, recommend and attend appropriate training
  • Develop processes and automation for security reviews and testing activities including those within the CI/CD pipelines, and evaluate application security tools to improve our detection and prevention capabilities
  • Provide regular updates to department and company leadership on our platform's security posture. Ensure cross-department collaboration and coordination of security efforts
  • Conduct white box security testing to assess and validate application security
  • Monitor and track progress of found vulnerabilities and maintain the history
  • Explain and demonstrate vulnerabilities to application/system owners, and provide recommendations for mitigation



You've got what it takes if you have...
  • Bachelor's degree in an Information Technology related field of study or equivalent experience
  • 5+ years of experience in a web or mobile application security role
  • Knowledge of information security principles, web applications and a level of familiarity with malicious code and common techniques used by hackers
  • Knowledge of AWS or other cloud-based infrastructure architecture, services, and security
  • Knowledge of microservices architectures
  • Experience with HTML and JavaScript along with a solid understanding of HTTP protocol
  • Thorough understanding of SDLC, as well as software security maturity models, such as Building Security In Maturity Model (BSIMM) or OWASP Software Assurance Maturity Model (SAMM)
  • Experience conducting secure code development training
  • Experience using Agile software development and project management
  • Experience with common SDLC tools: static and dynamic code analysis, open source management, threat modeling, etc.
  • Experience implementing security practices in automated CI/CD pipelines for application code, infrastructure, and/or serverless is a plus
  • Basic knowledge of SQL and prior experience with programming in one or more server-side technologies such as ASP.Net. .NET Core experience is a plus
  • Experience with securing Docker Containers is a plus
  • Knowledge of cryptographic tools or security APIs is a plus
  • Excellent problem solving and analytical skills; outstanding oral and written communication skills
  • Experience interacting with security vendors and customers
  • Self-motivation and the ability to work under minimal supervision
  • Excellent at multitasking, and open to constant learning
  • Energetic and positive attitude


Our Culture:

Our mission is to empower people, businesses and communities. A culture created less by what we do and more by who we are. When people are asked to describe the team, the answer is always the same: Smart, Cool, Dependable, and Visionary. We are not a typical tech company (even with our free massages, yoga studio, arcade, movie theatre, free breakfast and generous stock units), because, well, our employees aren't your typical techies...

We're always on the lookout for new, curious and capable people who can help us achieve our goal. So if you want to work for a friendly, global and innovative company, we'd love to meet you! What are you waiting for?

What We Do:

Cornerstone OnDemand (NASDAQ: CSOD) helps organizations to recruit, train and manage their people. We work with hundreds of the world's largest companies, from Walgreens and Starwood Hotels & Resorts to Deutsche Post DHL and Xerox, and thousands of smaller ones to help them engage their workforces and empower their people. Our software impacts every aspect of the employee experience, helping people to make their best work even better - which ultimately translates into greater business results.

Our software and services are in use by over 40 million people in 190+ countries and in 40+ languages.

Check us out on LinkedIn, The Muse, Glassdoor, and Facebook!

Equal Employment Opportunity has been, and will continue to be, a fundamental commitment at Cornerstone OnDemand. All qualified applicants are given consideration regardless of race, religion, color, gender, sex, age, sexual orientation, gender identity, national origin, marital status, citizenship status, disability, veteran status, or any other protected class as provided in applicable Federal, State, or Local fair employment laws. If you have a disability or special need that requires accommodation, please contact us at careers@csod.com.



Meet Some of Cornerstone OnDemand's Employees

Monty S.

Development Manager

Monty manages two Application Development Teams for Cornerstone OnDemand, overseeing those teams’ day-to-day projects and activities, ensuring that team members are continuing to grow in their careers.

Erica M.

Creative Design Manager

Erica manages the Design and Digital Media Teams at Cornerstone OnDemand, working to extend Cornerstone’s brand name through a variety of means, from advertising to video and beyond.

