Senior Application Security Architect – AppSec
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Senior Security Architect at Stone Tech focusing on integrating security into application development lifecycle. Collaborating with development teams to prevent vulnerabilities and enhance security measures.
Responsibilities:
- Define and implement security strategies for applications, including those that integrate LLMs and generative AI components
- Collaborate with development teams to integrate security practices from the beginning of the software development lifecycle
- Conduct architecture, code, and design reviews to identify potential vulnerabilities and security issues
- Define guardrails and standards for LLM-based applications, addressing risks such as prompt injection, insecure output handling, data leakage through outputs, excessive agent autonomy, and cost-abuse (denial-of-wallet)
- Establish guidelines for the safe use of AI-assisted development tools by engineering teams
- Develop and promote security standards and best practices across the development organization
- Provide technical guidance and security training
- Be familiar with tools for automated quality validation in the CI/CD pipeline such as SAST, DAST, SCA and Secret Scanning
- Stay up to date with security threats and evolving attack techniques and continuously update protective measures
- Develop creative solutions to complex security problems
- Use your security expertise and intuition to hunt for threats in corporate and production environments
- Read and communicate in English
Requirements:
- Bachelor's degree (completed or in progress) in Information Security, Computer Science, Information Systems, Software Engineering, or a related field
- Ability to identify opportunities for improvement, new solutions, and alerts that can benefit or streamline operations
- Use influencing and negotiation skills to guide teams to remediate issues or adopt security-appropriate architectures
- Concise, direct, and assertive communication
- Initiative to seek or request information when needed
- Passion for learning in a dynamic environment
- Knowledge of common attack vectors
- Experience performing threat modeling
- Experience with effective mechanisms to protect APIs and mobile applications
- Familiarity with core cloud services and security concepts (AWS, Azure, or GCP)
- Ability to work within multidisciplinary teams using agile methodologies
- Familiarity with security risks in applications that use LLMs and generative AI (references such as OWASP Top 10 for LLM Applications and MITRE ATLAS)
Benefits:
- 🩺 Health and Dental Insurance
- 🏥 Green Virtual Hospital available 24/7 for fast, convenient care
- 🥗 Meal Voucher and/or Food Voucher
- 💻 Remote Work Allowance (exclusive to remote positions)
- 🕗 Flexible working hours
- ✏ Education Benefit - internal platform with access to books, podcasts, trainings and video lessons for self-development (Studa and StoneCo Library)
- 💪 Wellhub
- 💪 TotalPass
- 👶 Childcare Assistance
- 💰 Profit Sharing (PLR)
- 💚 Life Insurance
- 🚗 Transport Voucher (exclusive to on-site positions)
Similar Jobs
Senior Security & Compliance Analyst
Senior Security & Compliance Analyst at Headspace ensuring security capabilities and adherence to compliance frameworks. Collaborating with cross-functional teams to mitigate risks in technology stack.
IT and Information Security Coordinator
IT and Information Security Coordinator at Tenchi managing security and IT support roles. Focused on Third-Party Cyber Risk Management with a dedicated team across multiple countries.
Senior Enterprise Architect, Security
Senior or Principal Enterprise Architect at Workday leading security-focused strategic conversations with customers. Using deep technology expertise to translate complex concepts into clear business outcomes.
Infrastructure Security Engineer, Secret Clearance
Infrastructure Security Engineer managing security for Protected B classified environments. Responsible for implementing security controls for cloud deployments and ensuring compliance with Canadian government standards.
Learning Facilitator, Security and Property Protection
WBS TRAINING employee representing the area of security and protective services. Focusing on competency development of course participants in a home office setting.
Security Advisor – Control Assessor
Security Advisor performing control gap assessments and advising on compliance in cybersecurity. Collaborating with clients to improve security measures and deliver tailored solutions.
Vice President – Technology and Security
Vice President of Technology and Security leading the technology strategy at NSTXL. Overseeing cybersecurity, AI strategy, and enterprise systems for government and defense environments.
Identity Security Manager – GOV
Identity Security Manager leading IAM and PAM operations for PNC's secure payment integration technology. Overseeing access management and driving continuous improvement in security processes.
Identity & Devices Security Architect – Client Consulting
Security Architect at Cyclotron designing Microsoft 365 Identity and Device Management tools. Collaborate with clients to improve security posture across Microsoft ecosystems.
Director of AI Security
Senior Leader for Securing AI responsible for defining and executing AI security strategy. Overseeing risk management for AI systems across the enterprise for leading healthcare technologies.
Cybersecurity Engineer II
Cybersecurity Engineer II responsible for security oversight and compliance of enterprise products and information systems. Collaborating with teams to ensure best security practices and address vulnerabilities.
Director of Cyber Security Architecture, Engineering Services
Director leading Cyber Security Architecture and Engineering at U.S. Fin Tech. Overseeing design and execution while ensuring compliance to cyber security policies.
Senior Security Engineer, GRC Automation
Senior Security Engineer designing and implementing GRC automation workflows at 1Password. Partnering with the Senior Manager of GRC to enhance security operations and compliance.
Lernbegleiter:in Sicherheit und Objektschutz
Trainer for security and protection at WBS TRAINING focusing on participants' competency development and utilizing various teaching methods. Providing specialist education from home office in WBS LearnSpace 3D.
AWS Cloud Security, ICAM Specialist
AWS Cloud Security and ICAM Specialist designing and managing secure authentication for cloud applications. Ensuring compliance with federal identity governance and cloud security principles.
Staff Security Engineer
Staff Security Engineer at Order.co driving security architecture and mentoring engineers. Overseeing technical improvements and complex security initiatives to protect company data.
Information Security Assessor – QSA Certified
Information Security Assessor leading PCI DSS assessments and client engagements in cybersecurity compliance at RSI Security. Collaborating with stakeholders and ensuring compliance with regulatory frameworks.
External Industry Risk & Security Governance Representative – ISO 17021, 17020, 42006
External Industry Risk & Security Governance Representative serving on the Impartiality Committee for RSI Security. Managing governance oversight and ensuring impartiality in certification processes with extensive industry experience.
Analista Blue Team – IBM QRadar
Analista Blue Team at It4us responsible for monitoring and incident response in corporate environments. Engage in high-criticality cybersecurity operations using IBM QRadar.
Especialista em Cyber Segurança – Resposta a Incidentes
Specialist in Cyber Security coordinating incident response operations at Grupo Casas Bahia. Evaluating and optimizing incident response processes and ensuring alignment with security policies.