Principal Architect – Application Security

The principal objective of this role is to architect, design, and communicate comprehensive security strategies and solutions that align with corporate IT standards and security architecture principles.

Key Responsibilities:

• Develop optimal, purpose-built IT security solutions that meet customer requirements, ensuring security architecture is robust, high-quality, and compliant with corporate IT standards.
• Take accountability for end-to-end security architecture, including making architectural and technological decisions.
• Establish security architecture standards, guardrails, and best practices across information, application, and technology domains, ensuring awareness throughout IT teams.
• Conduct design reviews for applications, data, and infrastructure (cloud/on-premises), identifying gaps to ensure adherence to security patterns and guidelines.
• Collaborate with developers and solution architects to implement secure application architectures and enforce secure coding practices.
• Monitor emerging threats, adapting security solutions to mitigate risks, and evaluate security technologies and tools for integration and interoperability.
• Perform code analysis of large applications, using Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) solutions.
• Assist in regular security risk assessments to identify potential security risks and contribute to data loss prevention strategies.
• Develop infrastructure solutions that comply with security standards, working closely with infrastructure teams.
• Own and maintain the security architecture roadmap, oversee technical improvements, and engage in project lifecycle to manage security architecture.

Qualifications:

• Bachelor’s Degree in Information Technology, Computer Science, or related field, with 3+ years of experience.
• Fluent in English.
• Proven experience as a Security Solution Architect or Application/Product Security Engineer.
• Experience in integrating security testing into the Software Development Life Cycle (SDLC).
• Strong familiarity with common vulnerabilities and attack vectors and excellent communication skills for conveying technical issues.
• Preferred: Airline experience and familiarity with multi-cultural environments.

Required Skills:

• Strong understanding of security technologies, including firewalls, intrusion detection/prevention systems, and data encryption solutions.
• Proficiency in security tools for software development and infrastructure security tools.
• Knowledge of industry best practices and security standards, such as OWASP Top 10, GDPR, and PCI DSS.

Certifications (Preferred):

• CISSP, CCNP Security, CISA, CEH.

Competencies:

• Customer Focus
• Teamwork
• Effective Communication
• Personal Accountability & Commitment
• Resilience and Flexibility
• Decision Making
• Strategic Thinking
• Business Acumen

Language Requirements:

• Fluent in English.