Lead Enterprise Application Security Architect

Title: Lead Enterprise Application Security Architect

Location: Tamps, FL | Southfield, MI | Denver, CO | Memphis, TN

This is a hybrid role requiring you to be in the office 2-3 days per week. Fully remote work is NOT an option.

Glocomms are partnered with a globally leading Wealth Management firm in support of the growth of the Application Security Architecture Team. We are searching for a Lead Enterprise Application Security Architect with deep expertise in identifying and mitigating security risks during the software development lifecycle. This includes evaluating system designs for potential vulnerabilities, guiding engineering teams through secure coding practices, and supporting them in resolving security issues within their applications. The role also involves developing tailored security frameworks and architectural guidelines based on prior assessments and recognized industry standards.

Key responsibilities:

• Lead secure design reviews and threat modeling sessions for new projects, features, and architectural changes, ensuring compliance with industry standards, regulatory requirements, and internal security policies.
• Evaluate adherence to architectural standards, minimize technical debt, and adapt enterprise assets (systems, services, and data) for major programs.
• Partner with development teams to provide support and guidance in addressing security vulnerabilities identified during design, code reviews, and testing phases.
• Create and maintain secure reference architectures to guide the design and implementation of secure systems and applications, customized to the organization's specific technologies and needs.
• Collaborate with cross-functional teams, including development, infrastructure, and compliance, to integrate security practices into the software development lifecycle and infrastructure provisioning.
• Offer expert advice on security issues, including encryption, authentication, access control, and secure communication protocols.
• Keep up-to-date with industry trends, emerging threats, and best practices in security architecture and design, and evaluate their relevance to the organization's security strategy.

Experience required:

• Bachelor's degree in Computer Science, Management Information Systems, or a related field, with at least 5+ years of relevant experience, or a combination of education, training, and experience as approved by Human Resources.
• Preferred: 7+ years of experience in security engineering, architecture, or a similar role, with a strong focus on threat modeling, secure design reviews, and vulnerability management.
• Solid understanding of web application security principles, secure coding practices, and common vulnerabilities (e.g., OWASP Top 10).
• Skilled in designing and implementing secure architectures for both on-premises and cloud environments (e.g., AWS, Azure).
• Demonstrated passion for protecting organizations from evolving threats.
• In-depth knowledge of authentication and authorization methods, including multi-factor authentication, step-up authentication, and single sign-on; familiarity with password-less solutions is a plus.
• Strong grasp of encryption methods, particularly certificate and token-based cryptography.
• Knowledgeable in network protocols and topologies.
• Experience with defense-in-depth strategies and incident response.
• Excellent communication skills, capable of engaging with a wide range of technical and business stakeholders.
• Experience in financial services is preferred but not required; the ability to quickly acquire relevant business knowledge is essential.