
Principal Application Security Architect

Barclay Simpson
London
2 days ago
Position Overview

A fast-growing FinTech is seeking a technically proficient Principal Application Security Architect to join its innovative organisation. This role is critical in shaping the security posture of complex, cloud-native applications that power fast-growing financial services and digital payments platforms. As an Application Security Architect, you will work closely with software engineers, DevSecOps specialists, product owners, and compliance teams to ensure that secure design principles and automated security controls are embedded throughout the software development lifecycle (SDLC). You will take ownership of threat modeling, vulnerability management, and security automation efforts with a specific focus on cloud platforms, primarily Google Cloud Platform (GCP). You will be instrumental in building scalable, resilient security architectures that protect sensitive customer data, meet rigorous regulatory requirements, and enable rapid innovation in a dynamic FinTech environment.

What You'll Do

Application Security Architecture & Strategy

Lead the design and implementation of comprehensive application security frameworks that guide the secure development of cloud-native APIs, microservices, and web applications.
Conduct detailed threat modeling workshops and architectural risk assessments, identifying vulnerabilities early and collaborating on risk mitigation strategies.
Define and enforce secure coding standards and architectural best practices aligned with industry benchmarks such as the OWASP Top 10 and API Security Top 10.
Partner with cloud engineers and developers to embed security controls specific to GCP, such as workload identity, IAM policy enforcement, VPC Service Controls, and encryption.
Develop and maintain architectural blueprints and documentation that clearly communicate security design decisions and rationale across teams.

Security Testing & Automation

Oversee the deployment and tuning of automated application security testing tools, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
Collaborate with development teams to integrate security testing seamlessly into CI/CD pipelines, enabling early detection and continuous monitoring of vulnerabilities.
Drive the creation of custom security automation scripts and tools to enhance scanning coverage, improve detection accuracy, and streamline remediation workflows.
Analyze security findings to prioritize risk based on business impact, exploitability, and regulatory implications, and work with engineering teams to implement timely fixes.
Conduct regular security code reviews and support developers in secure coding practices to reduce vulnerabilities proactively.

Governance, Compliance & Training

Ensure that application security architecture and practices comply with relevant regulatory and industry standards such as PCI-DSS, SOC 2, ISO 27001, and GDPR.
Lead efforts to prepare for and support external and internal audits by providing comprehensive documentation, risk assessments, and remediation evidence.
Develop and deliver targeted security training programs and awareness sessions designed to educate developers, testers, and product managers on secure development lifecycle best practices.
Stay current with evolving FinTech regulations, cloud security trends, and emerging application threats to adapt security strategies proactively.

Who You Are

You are a passionate and detail-oriented security professional who thrives at the intersection of application development, cloud technology, and regulatory compliance. Your solid foundation in secure software engineering enables you to engage deeply with developers and architects to influence design decisions early and effectively. You have a deep understanding of cloud-native architectures, especially within Google Cloud Platform (GCP), and a clear grasp of the unique security challenges faced by FinTech companies operating in regulated environments. You are proactive in automating security processes and committed to fostering a culture of security-first thinking within fast-moving technical teams. Your communication skills allow you to articulate complex security concepts clearly and collaborate cross-functionally, driving security improvements that balance risk with business needs.

Essential Qualifications

Proven experience in application security or secure software engineering, preferably within FinTech or highly regulated industries.
Hands-on experience with a range of application security testing tools, including SAST, DAST, and SCA, and integrating these into automated build and deployment pipelines.
Practical expertise with threat modeling methodologies such as STRIDE, PASTA, or attack trees.
Strong knowledge of secure coding standards and common vulnerabilities (OWASP Top 10, API Security Top 10) and how to mitigate them.
Familiarity with Google Cloud Platform (GCP) security features and best practices, including IAM, Cloud Armor, Security Command Center, and workload identity management.
Proficiency in at least one programming or scripting language such as Python, Java, JavaScript, or Go.
Solid understanding of FinTech compliance requirements and standards, including PCI-DSS, SOC 2, GDPR, and ISO 27001.
Excellent communication and collaboration skills, capable of working with diverse teams and stakeholders.

Nice to Have

Industry certifications such as Certified Secure Software Lifecycle Professional (CSSLP), GIAC Web Application Penetration Tester (GWAPT), or Google Professional Cloud Security Engineer.
Experience securing containerized environments and orchestration platforms such as Kubernetes/GKE.
Knowledge of DevSecOps tooling and automation frameworks (Jenkins, GitLab CI/CD, Terraform).
Familiarity with API security gateways, Web Application Firewalls (WAFs), and Runtime Application Self-Protection (RASP) technologies.
Exposure to red teaming, adversary simulation, or threat intelligence focused on application-layer attacks.
Experience in educating or mentoring engineering teams on secure development best practices.

What You'll Gain

A critical leadership role with hands-on impact on securing innovative FinTech applications serving a global user base.
The chance to architect and embed security practices in a cloud-first, automated development environment.
Work in a remote-first, agile culture that values innovation, collaboration, and continuous learning.
Opportunities for professional development, including training and certifications.
The ability to directly influence business-critical security outcomes and help protect sensitive financial data in a fast-growing company.
