- Location
- Seattle - 100 Stewart St, United States of America · Detroit, MI
- Type
- Full-time
- Department
- Engineering
- Seniority
- Senior
- Experience
- 10+ years
- Source
- Workday
Description
As the Senior Application Security Architect, you work strategically with engineering and product teams to enable the delivery of secure application patterns and software solutions. You design standard security requirements for how applications should be built, deployed, and maintained, ensuring security is baked into the software development lifecycle from the start. You also build and mature team processes that empower development teams to own their software's security posture while mentoring internal security team members.
About the role
Perform Security Reviews of applications throughout the SDLC including at the design and implementation phases through formal threat modeling and source code reviews, focusing on designing secure applications from the start and ensuring secure design principles are correctly implemented.
Help to set strategic direction for application security initiatives, shift-left processes, and secure coding standards across the enterprise with a focus on treating security as quality.
Build relationships and collaborate with software engineering, product, and architecture teams to ensure alignment of company vision and secure coding goals.
Continually identify opportunities for improvement within software delivery pipelines and work with engineering leadership to implement automated security guardrails and remediations.
Collaborate with business, product owners, architecture, and information security teams to enable the delivery of secure software patterns that support business velocity
Coordinate and drive initiatives for AppSec engineers to build, execute, and scale application security strategies.
Help to build processes that test the compliance and effectiveness of software security requirements through automated guardrails and continuous security testing.
Influence decision-makers in the areas of secure application architecture, API design, authentication/authorization controls, and modern cloud deployment.
Create and evangelize application security policy sets and secure design patterns to be used throughout the company that balance velocity and external compliance requirements.
Work directly with development and audit teams to help align security architectures against upcoming compliance, regulatory (e.g., SSDF, Executive Orders on Cybersecurity), and contractual landscapes.
Mentor software engineers and information security team members on threat modeling, secure code design, and modern vulnerability remediation techniques.
About you
Minimum Qualifications
10 years of experience in an information security, application development with a secure coding background or software engineering role with a focus on secure code & design principles, OR bachelor’s degree in computer science, information security, or a related field and 5 years of experience.
Proven experience performing architectural threat modeling on complex systems and applications using formal frameworks (e.g., STRIDE, DREAD, PASTA)
Strong ability to read, write, and audit code for security vulnerabilities, with the ability to provide engineering teams with precise, actionable remediation guidance
Deep technical familiarity with Java ecosystem (strongly preferred), as well as .NET and/or Python
Proficiency in at least one scripting language (e.g., PowerShell, Bash, Python) for automation and custom tooling
Demonstrated aptitude for leveraging AI-assisted engineering tools to drive operational efficiency, balanced with the critical thinking required to identify, validate, and correct AI inaccuracies or hallucinations
Practical experience or working knowledge of the following:
Secure SDLC frameworks
DevSecOps pipeline integration (CI/CD)
SAST /DAST/SCA/Secret Scanning tooling
Identity and access management (OAuth 2.0, OIDC, SAML)
Container security (Docker, Kubernetes)
OWASP Top 10 / ASVS mappings
Familiarity with the MITRE ATT&CK Framework
Strong knowledge of fundamental InfoSec concepts, such as least privilege, zero trust architectures, secure input validation, layered security, secure defaults, etc.
Deep understanding of modern enterprise security risks such as software supply chain Security, securing & hardening development environments, and identifying and mitigating risk at scale.
Preferred Qualifications
Master’s degree in computer science, information security, or a related field
Advanced expertise in architectural threat modeling and building automated threat modeling capabilities into developer workflows
OSCP, OSWE, GWAPT, CISSP, CCSP, or other relevant security certifications
Hands-on experience scaling AppSec programs across large engineering organizations, including, integrating secure solutions across an organization’s SDLC, and/or experience administering a developer security champion program
Strong technical experience with Java
What you’ll get
Our team members fuel our strategy, innovation and growth, so we ensure the health and well-being of not just you, but your family, too! We go above and beyond to give you the support you need on an individual level and offer all sorts of ways to help you live your best life. We are proud to offer eligible team members perks and health benefits that will help you have peace of mind. Simply put: We’ve got your back. Check out our full list of Benefits and Perks.
On-Call Expectations
This role may include participation in an on-call rotation to support production systems and ensure service reliability. On-call responsibilities may include coverage during nights and weekends. If applicable, frequency and scheduling will be determined by team needs and communicated accordingly.
About us
Rocket is a Detroit-based company made up of businesses that provide simple, fast and trusted digital solutions for complex transactions. The name comes from our flagship business, now known as Rocket Mortgage®, which was founded in 1985. Today, we’re a publicly traded company involved in many different industries, including mortgages, fintech, real estate and more. We’re insistently different in how we look at the world and are committed to an inclusive workplace where every voice is heard. Apply today to join a team that offers career growth, amazing benefits and the chance to work with leading industry professionals.
This job description is an outline of the primary responsibilities of this position and may be modified at the discretion of the company at any time. Decisions related to employment are not based on race, color, religion, national origin, sex, physical or mental disability, sexual orientation, gender identity or expression, age, military or veteran status or any other characteristic protected by state or federal law. The company provides reasonable accommodations to qualified individuals with disabilities in accordance with applicable state and federal laws. Applicants requiring reasonable accommodations in completing the application and/or participating in the application process should contact a member of the Human Resources team, at [email protected].
The compensation information below is provided in compliance with all applicable job posting disclosure requirements. The compensation for this position is $149,000.00$318,000.00. The position may also be eligible for an annual bonus, incentives, and other employment-related benefits including, but not limited to, medical, dental, and vision benefits, 401K retirement plan, and paid-time off. More information regarding these benefits and others can be found here. The information regarding compensation and other benefits included in this paragraph is the company’s current, good faith estimate at the time of posting. [Compensation and benefits are subject to modification from time to time as the Company, in its sole and exclusive discretion, deems appropriate.] The Company may determine during its future reviews of the proposed compensation and benefits provided for this position, that the compensation and benefits for such position should be reduced. In no event will the Company reduce the compensation for the position to a level below the applicable jurisdictional minimum wage rate for the position. Los Angeles County and San Francisco Candidates only: qualified applicants with arrest or conviction records will be considered for employment per the Fair Chance Ordinance and the Fair Chance Initiative for Hiring.