The role

We are seeking an Application Security Architect to champion and own Cognism's Application Security Program.

This role involves leading the development and enforcement of information risk and security policies and standards for applications, ensuring alignment with compliance policies and the organization's security risk profile.

The successful candidate will collaborate with the Chief Product Officer, Chief Technology Officer, development teams, and Technology Operations to define and integrate security expectations within the broader IT strategy and architecture.

Key Responsibilities

The Application Security Architect ensures the security of enterprise applications through the following:

• Define, develop, and implement a DevSecOps approach for Cognism, incorporating a Security by Design philosophy.
• Create and maintain implementation standards, reference architectures, and design patterns supporting application security objectives and requirements.
• Manage technical security consultancy, providing design criteria, control objectives, and reviewing methods, practices, tools, technologies, and capabilities.
• Develop and maintain threat models to integrate into the solution development process.
• Provide advice and influence on security implications of design decisions, including application and system architecture, process and workflow, database design, and platform efforts.

Education, Experience, Abilities

• 10+ years of experience in a Security Engineering / Security Architecture leadership position.
• Experience implementing security programs incorporating regulatory privacy and security requirements, including US and European Union Data Privacy and Security Directives.
• Familiarity with Information Technology Governance and Architecture standards such as ITIL, ISO 2700x, TOGAF, and NIST.
• Experience in developing and implementing application security capabilities for operating models like Containers, IaaS, PaaS, and SaaS.
• Experience in products and services including Amazon AWS, Crowdstrike, Sonar Cloud, Static Analysis and Dynamic Analysis solutions (e.g., SNYK), and Web Application Firewalls.
• Proven ability to develop consensus and collaborate with team members and management, with superior written and verbal communication skills.
• Demonstrated ability to show initiative, handle multiple tasks, prioritize, and meet deadlines while maintaining a sense of urgency and professionalism under pressure.
• Master's degree in a field related to Information Technology (or equivalent experience), preferred.

Industry Certifications

Note - Must be able to obtain and maintain one or more within six months if not currently certified:

• Certified Information Systems Security Professional (CISSP)
• Certified Secure Software Lifecycle Professional (CSSLP)
• Certified in Risk and Information Systems and Control (CRISC)
• Information Systems Security Architecture Professional (ISSAP)
• AWS Certified Security Specialty