
Application Security Architect

Xoom
Bangalore | 3-10 LPA | Posted 12 Jun 2025
FULL TIME
Nodejs
Java

Job Description

Your Day to Day

  • Develop and maintain a robust application security strategy, standards and target state architectures that align with industry best practices and regulatory requirements.
  • Be the application security advocate across the organization. Lead discussions and reviews around new technologies, framework enhancements and product reviews.
  • Define and improve application security in the SDLC, ensuring security is prioritized from inception to deployment.
  • Conduct regular security architecture risk assessments and threat modelling to implement effective risk mitigation strategies.
  • Ensure compliance with relevant security standards, regulations, and industry frameworks (e.g., PCI DSS, GDPR).
  • Maintain awareness of the latest DevSecOps approaches and how they fit into a large enterprise organization's AppSec program.
  • Collaborate with software engineers and leadership teams as well as cybersecurity teams to integrate security controls throughout the software development lifecycle.
  • Be comfortable interfacing and providing guidance to senior and technical leadership on application security issues/approaches, to achieve the deployment of effective security solutions.

What do you need to bring

  • Degree in Computer Science, Cybersecurity, Mathematics, or a related field.
  • 15+ years of experience in AppSec, Software/Systems Engineering, and/or Architecture.
  • Expert-level understanding of NodeJS, Java, modern web development frameworks and Service Oriented Architecture (SOA).
  • Familiarity with iOS, Android and browser SDK development.
  • Expert-level understanding of AppSec scanning tools across SAST/SCA/DAST/IAST/Container Security/API Security/Secret Scanning/Fuzzing in large enterprise environments.
  • In-depth knowledge of SDLC and CI/CD pipeline best practices.
  • Good understanding of SLSA and supply chain security.
  • Expert-level understanding of containerized platforms and security best practices.
  • In-depth understanding of cybersecurity principles, including cryptography, authentication, web security, vulnerability assessments and threat detection.
  • Desired expertise in various security testing activities, including penetration testing, vulnerability scanning, and code reviews.
  • Working knowledge of major cloud platforms such as AWS, Azure, Google Cloud.
  • Industry certifications (e.g., CISSP, CISM, CCSP, or equivalent) are a plus.

Required Skills
