Application Security Architect
Mettler-Toledo North America
Our Opening and Your Responsibilities
Role summary
The Principal Application Security Architect is a hands-on execution leader accountable for delivering application security outcomes across modern cloud-native and legacy enterprise systems. This role owns security delivery end-to-end - from design through production, ensuring high-risk applications ship securely, on time, and at scale. This is a doer role with architectural authority.
Primary Responsibility
- Own delivery of AppSec outcomes for critical applications and platforms
- Lead hands-on threat modelling, architecture reviews, and remediation execution
- Set and enforce security release gates and acceptance criteria
- Actively reduce critical and high-risk vulnerabilities through Deep Code reviews, root cause analysis, direct remediation guidance
- Ensure development teams understand the importance of application security principles
- Continuously liaise with various product teams to analyse application vulnerabilities
- Create and guide a team of local application security subject matter experts
- Serve as final technical authority for AppSec decisions on high-stakes initiatives
- Unblock engineering teams and resolve security-delivery conflicts
- Report clear, actionable risk status to senior leadership
- Develop organisational processes and methods for security, privacy and related assets
- Continuously evaluate vulnerabilities and risks in software platforms, interfaces and applications
- Perform SW Threat modelling, Security Risk Assessment across various technology stacks
- Create product security requirements and concepts; promote ‘secure by design’ approach
- Triage and remediation planning for discovered vulnerabilities aligned to program deadlines
- Engage with internal and external partners to ensure alignment to commitments
- Mentor SW teams on secure coding, best practices, industry standards, tools, and processes
- Seek to build-in security during development of software systems and applications
- Ensure that organisational processes stay current; contribute to the Quality Management System

What You Need to Succeed
- Qualification: B.E / B.Tech / M.E / M.Tech (Computer Science or related fields)
- 12–15+ years in software engineering, application security, or architecture experience
- Proven history of executing and delivering AppSec improvements at scale
- Deep hands-on expertise in: Secure SDLC and application architecture, OWASP Top 10, API Security Top 10, Threat modelling (STRIDE or equivalent)
- Strong experience securing Modern architectures (cloud, APIs, microservices, containers, Kubernetes) & Legacy enterprise systems (monoliths, SOA, on-prem)
- Strong understanding of Authentication & authorization (OAuth2, OIDC, SAML), Cryptography, secrets management, secure configuration
- Deep experience integrating security into CI/CD pipelines
- Experience with ISO 27001/27002 and NIST Cybersecurity Framework
- Experience in identifying potential attacks and threat vectors and offer mitigation
- Experience with vulnerability management tools like Blackduck, Trivy, Prisma cloud, Tenable etc.
- Proficient in Security assessments, Authentication and access control
- Understanding of penetration testing, Applied cryptography and security protocols preferable
- Experience with AppSec practices for Infrastructure, connected devices etc.
- Good understanding of cryptographic primitives and their underlying principles preferable
- Good understanding of networking protocols, such as TCP/IP and UDP.
- Good understanding of Content Delivery Networks and their integration into applications
- Active in the security community. Regularly attends meetups or conferences
- Working understanding of Agile Development processes
- Lead without authority in a matrix organization
- Excellent communication skills – verbal and written
- Ability to translate complex ideas into simple solutions to implement

Our Offer to You
- Hybrid working model.
- Family Mediclaim benefits including parents & Term life insurance Cover.
- Wide portfolio of training opportunities including but not limited to Conferences, Workshops, Education reimbursement & Online learning.
- A wide range of Career Path to explore based on Individual strengths and aspirations.
- Quarterly and Annual awards for outstanding individuals and Quality of Life Improvement Program

We invite you to be part of our ONE TEAM to make the difference… Precisely

About Mettler Toledo
METTLER TOLEDO is a global leader in precision instruments and services. We are renowned for innovation and quality across laboratory, process analytics, industrial, product inspection, and retailing applications. Our sales and service network is one of the most extensive in the industry. Our products are sold in more than 140 countries, and we have a direct presence in approximately 40 countries. For more information, please visit www.mt.com.

Equal Opportunity Employment
We promote equal opportunity worldwide and value diversity in our teams in terms of business background, area of expertise, gender and ethnicity. For more information on our commitment to Sustainability, Diversity and Equal Opportunity please visit us here.