Senior Application Security Architect

  Job Title: Senior Application Security Architect Location: Rockville, MD/ McLean, VA   Overview The Senior Application Security Architect is responsible for designing, implementing, and governing enterprise‑wide application security architecture and standards. This role focuses on defining security frameworks, performing architecture reviews, establishing security baselines, and leading strategic security initiatives with broad organizational impact. This position requires a strong combination of technical expertise, architectural vision, and leadership, with the ability to embed security throughout the software development lifecycle (SDLC). The ideal candidate is adaptable, able to manage multiple priorities simultaneously, and brings a proactive, collaborative, and positive approach to complex security challenges. Key Responsibilities Design and establish enterprise application security architecture frameworks and reference models aligned with business objectives and risk tolerance Lead architecture and design reviews to identify security gaps and recommend appropriate mitigations Develop and maintain security baselines, standards, patterns, and reference architectures across web, mobile, API, microservices, and modern deployment models Create, evolve, and facilitate threat modeling methodologies (e.g., STRIDE, PASTA, OCTAVE) with engineering teams Define secure coding standards and security requirements based on data classification and application risk profiles Architect solutions for authentication, authorization, encryption, and secure communication Establish security guardrails for cloud‑native, serverless, containerized, and infrastructure‑as‑code environments Design and implement API security strategies, including OAuth/OIDC, API gateways, rate limiting, and access controls Integrate security architecture principles into CI/CD pipelines to support DevSecOps initiatives Evaluate and recommend application security tools and technologies (SAST, DAST, IAST, SCA) Develop security architecture roadmaps and guide the implementation of future security capabilities Partner with development teams to design secure solutions that balance security, performance, and business needs Lead enterprise‑wide strategic security initiatives Leverage GenAI technologies to enhance architecture reviews and automate aspects of security analysis Maintain documentation for security decisions, patterns, standards, and reference implementations Develop and deliver security architecture training to developers and architects Stay current with emerging threats, technologies, and architectural trends Perform security design reviews for new applications and major system changes Architect secure data handling practices, including encryption at rest and in transit Qualifications Bachelor’s degree in Computer Science, Information Security, or a related technical discipline 5+ years of experience in application security, including 2+ years in security architecture roles Strong knowledge of secure design principles, threat modeling, and security architecture patterns Experience designing security controls for cloud environments (AWS, Azure, GCP) Proficiency in evaluating and implementing application security tools (SAST, DAST, IAST, SCA) Hands‑on experience with tools such as Burp Suite, OWASP ZAP, or similar testing platforms Strong understanding of OWASP Top 10, SANS CWE, and common vulnerability patterns Experience implementing secure SDLC and DevSecOps practices Knowledge of authentication and authorization mechanisms (MFA, SSO, OAuth 2.0, SAML, OIDC) Experience with secure API design, microservices, containerization, and cloud‑native architectures Proficiency in at least one programming language (Java, Python, or JavaScript preferred) Experience with secure code review and vulnerability identification Knowledge of cryptographic protocols and secure implementations Experience securing modern application architectures (SPA, serverless, distributed systems) Excellent communication skills with the ability to explain complex security concepts to both technical and non‑technical audiences Proven experience leading cross‑functional security initiatives and influencing stakeholders Industry certifications such as CISSP, CSSLP, or AWS Security Specialty are highly desirable   If this is a role that interests you and you’d like to learn more, click apply now and a recruiter will be in touch with you to discuss this great opportunity. We look forward to speaking with you!   About ManpowerGroup, Parent Company of:  Manpower, Experis, Talent Solutions, and Jefferson Wells ManpowerGroup® (NYSE: MAN), the leading global workforce solutions company, helps organizations transform in a fast-changing world of work by sourcing, assessing, developing, and managing the talent that enables them to win. We develop innovative solutions for hundreds of thousands of organizations every year, providing them with skilled talent while finding meaningful, sustainable employment for millions of people across a wide range of industries and skills. Our expert family of brands – Manpower, Experis, Talent Solutions, and Jefferson Wells – creates substantial value for candidates and clients across more than 75 countries and territories and has done so for over 70 years. We are recognized consistently for our diversity - as a best place to work for Women, Inclusion, Equality and Disability and in 2022 ManpowerGroup was named one of the World's Most Ethical Companies for the 13th year - all confirming our position as the brand of choice for in-demand talent.

Created: 2026-02-01