Solution Architect – Application Security (AppSec), Zero Trust & Compliance
About the role
Role Overview: We are seeking a highly experienced Solution Architect – Application Security Lead to drive the design, implementation, and governance of enterprise-grade AppSec, Zero Trust architecture, and regulatory compliance frameworks. This role will be responsible for embedding security-by-design principles across application lifecycles, leading Zero Trust adoption, and ensuring alignment with regulatory and industry standards (e.g., PCI-DSS, OSFI, NIST, ISO 27001).
Application Security Strategy & Architecture
· Define and implement an enterprise-wide AppSec strategy aligned with business and security objectives.
· Architect secure SDLC frameworks covering:
  · SAST, DAST, SCA, IAST
  · API security
  · Container & cloud-native security
· Establish security patterns, reference architectures, and guardrails for application teams.
· Drive DevSecOps enablement across CI/CD pipelines.
Zero Trust Architecture Leadership
· Lead the design and rollout of Zero Trust architecture across application ecosystems.
· Implement the key Zero Trust principles:
  · Continuous verification
  · Least privilege access
  · Micro-segmentation
· Integrate with:
  · Identity & Access Management (IAM/CIAM)
  · Privileged Access Management (PAM)
  · Endpoint and workload protection platforms
· Align application access controls with identity-centric security models.
Compliance & Regulatory Governance
· Ensure application security controls meet: OSFI B-13 / B-10 (Canadian BFSI), PCI-DSS, SOX, GDPR, ISO 27001, NIST.
· Drive audit readiness, control validation, and compliance reporting.
· Establish risk-based control frameworks and remediation tracking.
· Partner with internal audit, risk, and compliance teams.
Secure Architecture & Threat Modeling
· Conduct secure design reviews and threat modeling (e.g., STRIDE for enumerating threats against a design; MITRE ATT&CK for mapping the adversary tactics and techniques the design must withstand).
· Identify and mitigate application-layer vulnerabilities and attack vectors.
· Define security requirements for APIs, microservices, and cloud-native applications.
· Embed security testing and validation processes in the delivery lifecycle.
Engineering & Tooling Enablement
· Lead deployment and optimization of AppSec tools:
  · SAST: Checkmarx, Fortify, Veracode
  · DAST: Burp, AppScan
  · SCA: Snyk, Black Duck
  · Container security: Prisma, Aqua
· Integrate tools into CI/CD pipelines (Azure DevOps, GitHub, Jenkins).
· Drive automation for vulnerability management and remediation tracking.
Stakeholder & Delivery Leadership
· Act as a trusted advisor to engineering, architecture, and business leaders.
· Lead cross-functional teams across development, DevOps, and security.
· Provide executive-level reporting on AppSec maturity and risk posture.
· Mentor teams on secure coding and security best practices.
Required Qualifications
· 12+ years in cybersecurity, application security, or architecture roles.
· Proven experience as a Solution Architect or AppSec Lead in large enterprises (preferably BFSI).
· Strong expertise in:
  · Secure SDLC / DevSecOps
  · Zero Trust Architecture
  · Cloud platforms (Azure, AWS, GCP)
· Hands-on experience with AppSec tools and CI/CD integrations.
· Deep understanding of:
  · OWASP Top 10, OWASP API Security Top 10
  · Threat modeling methodologies
· Experience with regulatory compliance frameworks (OSFI, PCI-DSS, ISO, NIST).
Preferred Certifications
· CISSP / CISM / CCSP
· CSSLP (Certified Secure Software Lifecycle Professional)
· TOGAF (Architecture)
· SABSA or equivalent security architecture certifications