Solution Architect – Application Security (AppSec), Zero Trust & Compliance
Indexed description
Role Overview: We are seeking a highly experienced Solution Architect – Application Security Lead to drive the design, implementation, and governance of enterprise-grade AppSec, Zero Trust architecture, and regulatory compliance frameworks.
This role will be responsible for embedding security-by-design principles across application lifecycles, leading Zero Trust adoption, and ensuring alignment with regulatory and industry standards (e.g., PCI-DSS, OSFI, NIST, ISO 27001).
Application Security Strategy & Architecture
· Define and implement enterprise-wide AppSec strategy aligned with business and security objectives Architect secure SDLC frameworks.
· SAST, DAST, SCA, IAST
· API security
· Container & cloud-native security
· Establish security patterns, reference architectures, and guardrails for application teams Drive DevSecOps enablement across CI/CD pipelines
Zero Trust Architecture Leadership
· Lead the design and rollout of Zero Trust architecture across application ecosystems.
· Implement key Zero Trust principles.
· Continuous verification
· Least privilege access
· Micro-segmentation
Integrate with:
· Identity & Access Management (IAM/CIAM)
· Privileged Access Management (PAM)
· Endpoint and workload protection platforms
· Align application access controls with identity-centric security models
Compliance & Regulatory Governance
· Ensure application security controls meet: OSFI B-13 / B-10 (Canada BFSI), PCI-DSS, SOX, GDPR, ISO 27001, NIST
· Drive audit readiness, control validation, and compliance reporting.
· Establish risk-based control frameworks and remediation tracking.
· Partner with internal audit, risk, and compliance teams.
Secure Architecture & Threat Modeling
· Conduct secure design reviews and threat modeling (STRIDE, ATT&CK).
· Identify and mitigate application-layer vulnerabilities and attack vectors.
· Define security requirements for APIs, microservices, and cloud-native applications.
· Embed security testing and validation processes.
Engineering & Tooling Enablement
· Lead deployment and optimization of AppSec tools.
· SAST: Checkmarx, Fortify, Veracode
· DAST: Burp, AppScan
· SCA: Snyk, Black Duck
· Container security: Prisma, Aqua
· Integrate tools into CI/CD pipelines (Azure DevOps, GitHub, Jenkins).
· Drive automation for vulnerability management and remediation tracking.
Stakeholder & Delivery Leadership
· Act as a trusted advisor to engineering, architecture, and business leaders.
· Lead cross-functional teams across development, DevOps, and security.
· Provide executive-level reporting on AppSec maturity and risk posture.
· Mentor teams on secure coding and security best practices.
Required Qualifications
· 12+ years in cybersecurity, application security, or architecture roles
· Proven experience as a Solution Architect or AppSec Lead in large enterprises (preferably BFSI)
Strong expertise in:
· Secure SDLC / DevSecOps
· Zero Trust Architecture
· Cloud platforms (Azure, AWS, GCP)
· Hands-on experience with AppSec tools and CI/CD integrations.
Deep understanding of:
· OWASP Top 10, API Security Top 10
· Threat modeling methodologies
· Experience with regulatory compliance frameworks (OSFI, PCI-DSS, ISO, NIST)
Preferred Certifications:
· CISSP / CISM / CCSP
· CSSLP (Certified Secure Software Lifecycle Professional) TOGAF (Architecture) SABSA or equivalent security architecture certifications
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search