Principal Security Architect
Glocomms is partnered with an innovative Fintech company in the holdings space. We are seeking a highly experienced and strategic Principal Application Security Architect to lead the design and implementation of secure software and infrastructure solutions across the client's enterprise. This role is pivotal in shaping the cybersecurity strategy, driving secure product development, and ensuring robust risk management practices. The ideal candidate will possess deep technical expertise in application and infrastructure security, a strong understanding of compliance and regulatory requirements, and the ability to influence and collaborate across cross-functional teams.
Key Responsibilities
- Define and drive the application security architecture strategy aligned with business and security objectives.
- Lead threat modeling, vulnerability management, and secure design reviews across products and platforms.
- Collaborate with DevOps and engineering teams to embed security into CI/CD pipelines and API development.
- Establish and enforce security policies, standards, and best practices across the organization.
- Evaluate and implement security controls for containerized environments and public cloud providers (AWS, Azure, GCP).
- Assess and manage third-party risk and ensure secure integration of external services.
- Provide expert guidance on security frameworks (e.g., NIST, ISO 27001) and compliance with privacy laws and regulatory requirements.
- Partner with IT leadership, product teams, and business units to align security initiatives with business goals.
- Communicate complex security concepts to technical and non-technical stakeholders.
- Mentor junior security engineers and contribute to a culture of security awareness and innovation.
Qualifications
- Bachelor's degree in Computer Science or a related field; CISSP, SANS, or equivalent certifications
- 7+ years of experience in cybersecurity, focusing on application and infrastructure security, secure development, and compliance
- Proficient in DevOps, CI/CD, APIs, cloud platforms (AWS, Azure, GCP), container security, and application security tools
- Strong understanding of threat modeling, security controls, OWASP, NIST, ISO standards, and privacy laws like GDPR and HIPAA
- Excellent communicator with business acumen, an attacker mindset, and the ability to influence cross-functional teams
This is a hybrid role, based out of Dallas, TX. The client is not able to sponsor now or in the future. Please apply if you are interested!
FAQs
Congratulations, we understand that taking the time to apply is a big step. When you apply, your details go directly to the consultant who is sourcing talent. Due to demand, we may not get back to all applicants that have applied. However, we always keep your resume and details on file so when we see similar roles or see skillsets that drive growth in organizations, we will always reach out to discuss opportunities.
Yes. Even if this role isn’t a perfect match, applying allows us to understand your expertise and ambitions, ensuring you're on our radar for the right opportunity when it arises.
We also work in several ways. First, we advertise our available roles on our site; however, due to confidentiality, we often may not post all of them. We also work with clients who are more focused on skills and understanding what is required to future-proof their business.
That's why we recommend registering your resume so you can be considered for roles that have yet to be created.
Yes, we help with resume and interview preparation. From customized support on how to optimize your resume to interview preparation and compensation negotiations, we advocate for you throughout your next career move.