Senior Application Security Architect

About AU10TIX

AU10TIX, an identity management company headquartered in Israel, provides critical, modular solutions to link physical and digital identities so that companies and their customers can confidently connect. Over the last decade, AU10TIX has become the preferred partner for customer onboarding and customer verification automation, and we continue to work on the edge of what’s next for the future of identity’s role in society. Our proprietary technology provides results in less than 8 seconds, allowing companies to onboard faster, prevent fraud, meet compliance mandates, and, importantly, establish trust with their customers.

About the job

Au10tix is seeking a highly skilled and experienced Application Security Architect to join our team. The ideal candidate will be responsible for designing, implementing, and maintaining robust security architectures for our applications. This role requires a deep understanding of security best practices, threat modeling, secure coding, and compliance requirements. The Application Security Architect will collaborate with development teams to ensure that security is integrated into the software development lifecycle (SDLC) and that our applications are protected against current and emerging threats.

Responsibilities

• Develop and maintain application security architectures and design patterns that meet business needs and align with industry standards.
• Conduct threat modeling and risk assessments to identify potential security vulnerabilities and risks within applications.
• Implement effective security controls.
• Provide guidance on code reviews, penetration testing, and static/dynamic code analysis to identify and remediate vulnerabilities.
• Ensure applications comply with relevant industry standards, regulations, and compliance requirements (e.g., OWASP, PCI DSS, GDPR, HIPAA).
• Stay updated on the latest security trends, vulnerabilities, and regulatory changes.
• Collaborate with cross-functional teams, including R&D, IT, DevOps, and QA, to ensure secure design principles are followed.
• Conduct training sessions and workshops to educate development teams on application security best practices and emerging threats.
• Assist in incident response investigations as needed.
• Provide expertise in analyzing security incidents related to application vulnerabilities and breaches.

Qualifications

• 3+ years of experience in Application Security Secure-SDLC practices, standards, methodologies, and software team escorting
• Experienced with threat analysis processes
• Knowledge in static and dynamic code analysis processes and systems
• Deep understanding of OWASP Top 10 and CWE 25; with a proven track record and experience in implementing and integrating remediation strategies
• Familiarity with a wide range of high-level programming languages (CPP, Java, JS, Python, etc.) and related secure Software Development Life Cycle (SDLC) activities
• Significant advantage: hands-on experience in application penetration testing
• Advantage: Proven experience in high-level code auditing
• Advantage: experience in CI\CD and CI\CD security

Skills and Attributes

• Excellent problem-solving skills and the ability to work under pressure.
• Strong analytical skills with a focus on risk management and threat modeling.
• Effective communication skills, both verbal and written, with the ability to present complex security concepts to non-technical audiences.
• Ability to lead and influence cross-functional teams and drive security initiatives.