Security Architect

Security Architect 4
Immediate W2 contract position available in Atlanta, GA. Hybrid Schedule: Assignment will be 4 days in office near downtown & 1 day remote (remote day can be flexible).

Estimated Duration: 2.5 years

Desired Qualifications:

• 10+ years of experience
• Strong experience designing and implementing AppSec programs within DevSecOps, including integration of SAST, SCA, DAST, and related tooling into CI/CD pipelines.
• Azure Dev Ops & C# Dev work strongly preferred
• Strong communication skills and adept at consulting engaging internal partners & external vendors
• Experience evaluating and securing AI-enabled application components, including LLM integrations, agent-based workflows, and AI-driven APIs.
• At least 5 years in application security, DevSecOps, or related roles; relevant industry certifications (CISSP, CSSLP, CCSP, CISA, GIAC, OSCP, etc.) preferred.
• Deep understanding of application security testing approaches (SAST for code analysis, DAST for runtime testing, SCA for open-source risk) and how they complement each other.
• Experience with application vulnerability management and metrics, including: o Defining KPIs (e.g., MTTR, severity trends, SLA compliance)
• Delivering actionable dashboards and executive reporting
• Hands-on experience with enterprise AppSec platforms and ecosystems, including but not limited to:
• • GitHub Enterprise
  • ADO
  • Sonatype
  • Fortify
  • Snyk
  • Jfrog
• Proficiency in one or more coding languages, such as C#, Python, Java, or JavaScript
• Strong background in application and cloud security architecture, including APIs, microservices, and modern application patterns.
• Experience ensuring secure development practices for AI-generated code, including integration with SAST, SCA, and CI/CD pipelines for automated scanning and policy enforcement
• Ability to perform detailed information security risk assessments and recommend mitigating controls.
• Experience promoting security as a business enablement function with documentation, metrics, and strong verbal communication.
• Experience embedding security controls into developer workflows, enabling “shift-left” security while maintaining delivery velocity.
• Ability to translate technical findings into business risk, supporting prioritization, remediation strategies, and leadership reporting.
• Working knowledge of industry frameworks and standards (e.g., OWASP Top 10, secure coding practices, NIST/ISO).
• Must pass Insider Threat Protection background checks.