Back to search
Astra-North Infoteck Inc. ~ Conquering today’s challenges, achieving tomorrow’s vision! Linkedin · Posted 20d ago

Solution Architect – Application Security (AppSec), Zero Trust & Compliance

Canada

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Role Overview: We are seeking a highly experienced Solution Architect – Application Security Lead to drive the design, implementation, and governance of enterprise-grade AppSec, Zero Trust architecture, and regulatory compliance frameworks.

This role will be responsible for embedding security-by-design principles across application lifecycles, leading Zero Trust adoption, and ensuring alignment with regulatory and industry standards (e.g., PCI-DSS, OSFI, NIST, ISO 27001).


Application Security Strategy & Architecture

· Define and implement enterprise-wide AppSec strategy aligned with business and security objectives Architect secure SDLC frameworks.

· SAST, DAST, SCA, IAST

· API security

· Container & cloud-native security

· Establish security patterns, reference architectures, and guardrails for application teams Drive DevSecOps enablement across CI/CD pipelines


Zero Trust Architecture Leadership

· Lead the design and rollout of Zero Trust architecture across application ecosystems.

· Implement key Zero Trust principles.

· Continuous verification

· Least privilege access

· Micro-segmentation


Integrate with:

· Identity & Access Management (IAM/CIAM)

· Privileged Access Management (PAM)

· Endpoint and workload protection platforms

· Align application access controls with identity-centric security models


Compliance & Regulatory Governance

· Ensure application security controls meet: OSFI B-13 / B-10 (Canada BFSI), PCI-DSS, SOX, GDPR, ISO 27001, NIST

· Drive audit readiness, control validation, and compliance reporting.

· Establish risk-based control frameworks and remediation tracking.

· Partner with internal audit, risk, and compliance teams.


Secure Architecture & Threat Modeling

· Conduct secure design reviews and threat modeling (STRIDE, ATT&CK).

· Identify and mitigate application-layer vulnerabilities and attack vectors.

· Define security requirements for APIs, microservices, and cloud-native applications.

· Embed security testing and validation processes.


Engineering & Tooling Enablement

· Lead deployment and optimization of AppSec tools.

· SAST: Checkmarx, Fortify, Veracode

· DAST: Burp, AppScan

· SCA: Snyk, Black Duck

· Container security: Prisma, Aqua

· Integrate tools into CI/CD pipelines (Azure DevOps, GitHub, Jenkins).

· Drive automation for vulnerability management and remediation tracking.


Stakeholder & Delivery Leadership

· Act as a trusted advisor to engineering, architecture, and business leaders.

· Lead cross-functional teams across development, DevOps, and security.

· Provide executive-level reporting on AppSec maturity and risk posture.

· Mentor teams on secure coding and security best practices.


Required Qualifications

· 12+ years in cybersecurity, application security, or architecture roles

· Proven experience as a Solution Architect or AppSec Lead in large enterprises (preferably BFSI)


Strong expertise in:

· Secure SDLC / DevSecOps

· Zero Trust Architecture

· Cloud platforms (Azure, AWS, GCP)

· Hands-on experience with AppSec tools and CI/CD integrations.


Deep understanding of:

· OWASP Top 10, API Security Top 10

· Threat modeling methodologies

· Experience with regulatory compliance frameworks (OSFI, PCI-DSS, ISO, NIST)


Preferred Certifications:

· CISSP / CISM / CCSP

· CSSLP (Certified Secure Software Lifecycle Professional) TOGAF (Architecture) SABSA or equivalent security architecture certifications

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent