Application Security Architect

At Jabil we strive to make ANYTHING POSSIBLE and EVERYTHING BETTER. We are proud to be a trusted partner for the world's top brands, offering comprehensive engineering, manufacturing, and supply chain solutions. With over 50 years of experience across industries and a vast network of over 100 sites worldwide, Jabil combines global reach with local expertise to deliver both scalable and customized solutions. Our commitment extends beyond business success as we strive to build sustainable processes that minimize environmental impact and foster vibrant and diverse communities around the globe.

JOB SUMMARY

Provides technical leadership and is responsible for determining the direction for the IT architecture, standards, design and implementation approaches for the company's application systems, infrastructure and/or network-based cloud product systems. Creates, evaluates and implements plans and design proposals for high impact IT solutions and their use involving leading edge technologies and methods considering key factors such as their long-term effectiveness (service delivery and cost), practicality, technical limitations and criticality. This is an expert-level role requiring independent action to establish methods and procedures on new and/or special assignments.

ESSENTIAL DUTIES AND RESPONSIBILITIES

IT Architect

• Know and understand Jabil business strategy
• Know and understand Jabil IT strategy & objectives
• Define the overall solution architecture consistent with Jabil's methodology
• Be responsible for the technical solution by providing leadership for the customer, project manager, domain architects, domain specialists and application engineers to advance and deliver solutions
• Consult and Inform Enterprise Architects and Senior IT Architects to design and deliver solutions
• Earn trust of clients and management
• Assess merits of alternative technical approaches and gain consensus for best approach
• Learn, follow, promote, and improve recognized methodologies to design and deliver solutions
• Ensure that the non-functional requirements are satisfied including, but not limited to, security, disaster recovery, availability, and performance
• Researches technology and industry trends to hone both personal and Jabil's competitive edge
• Through modeling or prototyping, validate solution prior to full implementation
• Develop expertise in one of the following disciplines: Enterprise Architecture, Business Architecture, Information Architecture, Application Architecture, Technology Infrastructure Architecture
• Mentor IT professionals

• Design, build and integrate an enterprise SSDLC program within existing enterprise SDLC and CI/CD processes
• Develop and lead an Application Security domain roadmap and manage related strategy and planning activities

• Be responsible for the management of enterprise application and software security standards and promote their use and enhancement with new or existing solutions
• Influence the integration of application security principles in the solution design, processes, and standards, based on business, regulatory, or customer requirements.
• Provide architectural and design guidance, analysis, and direction, for enterprise-wide key projects and strategic initiatives as it relates to the information security and privacy. Find common ground and gain cooperation when conflicts arise and provide process improvements.
• Provide support and guidance to development teams on complex application security designs and vulnerabilities
• Training
• Promote Secure Software Development practices to development teams
• Lead and conduct secure software development training and awareness sessions for development teams
• Tools
• Provide Subject Matter Expertise for all application security technologies (SAST,DAST,SCA,WAF,etc) with heavy participation in key decision-making processes for the acquisition of current/new technologies

• Develop project plans and influence project organization
• Apply recognized system sizing methodology
• Vet change(s) with respect to scope, schedule, cost, risk, etc.
• Cross train staff to reduce delivery risk
• Define processes & methods necessary to support delivery/deployment
• Define management tools to support production environment

• Utilize Lean Six Sigma or other methods to identify & provide guidance on organizational improvement opportunities
• Perform root cause analysis and remediation actions
• Contribute to Jabil IP though development and submission of patents

• Comply with IT policy, procedure, and process
• Adhere to all safety and health rules and regulations associated with this position and as directed by supervisor
• Comply and follow all procedures within the company security policy

• Define technical job content & qualifications of key roles required to support technical infrastructure
• Work closely with management to assess and aid the development of staff skill sets
• Assist management to assess and help resolve staffing knowledge gaps

• Publish and present to customers, IT leaders and business executives
• Engage with vendors and third parties as needed
• Organize verbal and written ideas clearly and use an appropriate business style
• Ask questions; encourage input from staff
• Develop peer relationships with Senior IT Architects

• Typically reports to management.
• The purpose of this role is not primarily managerial, and the job is typically NOT directly responsible for managing employees (e.g., hiring/termination and/or pay decisions, performance management).

• Knowledge and experience in designing and building Secure SDLC program for a large enterprise
• Knowledge and experience in building secure development practices within CI-CD/DevOps processes
• Understanding of all architectural components and their interrelationships
• Knowledge of Software Engineering and Architectural Principles and methods
• Knowledge and experience in identification and mitigation of cyber security gaps within internally developed LLM, GenAI and Agentic AI models
• Knowledge and experience in performing risk assessments of LLM, GenAI and Agentic AI models
• Deep understanding of the relationship between application design, data, and infrastructure environments. Demonstrated experience working across security competencies, such as Identity and Access Management, Cloud Security, Data Security, and Application Security.
• Strong understanding of secure software development practices and technologies, including vulnerability detection/identification/remediation.
  • Strong and intimate knowledge of threat modeling (OWASP, MITRE).
• Strong understanding and experience of application vulnerabilities and remediation techniques
• Knowledge and experience with compliance & application security standards across the enterprise IT landscape; deep understanding of enterprise risk management methods and techniques to drive successful outcomes in a multi-national environment
• Experience and knowledge of enterprise DAST/SAST/SCA solutions (SNYC, BURP preferred), their deployment and adoption within large enterprises
• Experience and knowledge of managing WAF technologies
• Understanding of all architectural components and their interrelationships
• Knowledge of Software Engineering and Architectural Principles and methods
• Solid presentation and written communication skills
• Good judgment and the ability to handle stressful situations
• Team lead experience in application development
• Knowledge and experience of one or more languages e.g., Java, C#, etc.
• Knowledge and experience with server-side technologies
• Knowledge and experience with client-side technologies e.g., Node, Angular
• Knowledge and experience working in an Agile methodology
• Knowledge of SOA, including REST, SOAP, API Management, and other integration patterns e.g. ESB, EIP, etc.
• Knowledge of relational databases and SQL
• Knowledge of UML or ArchiMate
• Knowledge of cloud technologies
• Ability to define problems, collect data, establish facts, and draw valid conclusions

• Bachelor's degree required
• Post-graduate degree in Computer Science or Management Information Systems expected
• Minimum 12 years of experience in a related discipline
• Or, equivalent combination of education, training, or experience

• Certified Cloud Security Professional (CCSP)
• Certificate of Cloud Security Knowledge (CCSK)
• Cloud Security Essentials (GCLD)
• Cloud Security Automation (GCSA)
• Certified Web Application Defender (GWEB)
• Public Cloud Security (GPCS)
• Certified Cloud Penetration Tester (GCPN)
• Open CA Level 1: Certified
• TOGAF 9 Foundation
• ArchiMate 3 Foundation

• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)