Application Security Architect

• Collaborate with engineers to integrate security best practices into design reviews, threat modeling, code reviews, and penetration testing.
• Participate in secure code review and penetration testing efforts, honing your skills with hands-on experience under the guidance of senior team members.
• Contribute to deep-dive security reviews of web, mobile, and API products to adhere to secure design principles.
• Participate in security training and share your learnings with the broader engineering team to foster a culture of security awareness.
• Assist in incident response to gain valuable real-world experience and help protect Company's systems and data.
• SAST/DAST tool exposure and risk assessment, building a foundation for future growth.
• Mentor junior members of the AppSec team

Determining compensation for this role (and others) at Vaco/Highspring depends upon a wide array of factors including but not limited to the individual's skill sets, experience and training, licensure and certifications, office location and other geographic considerations, as well as other business and organizational needs. With that said, as required by local law in geographies that require salary range disclosure, Vaco/Highspring notes the salary range for the role is noted in this job posting. The individual may also be eligible for discretionary bonuses, and can participate in medical, dental, and vision benefits as well as the company's 401(k) retirement plan. Additional disclaimer: Unless otherwise noted in the job description, the position Vaco/Highspring is filing for is occupied. Please note, however, that Vaco/Highspring is regularly asked to provide talent to other organizations. By submitting to this position, you are agreeing to be included in our talent pool for future hiring for similarly qualified positions. Submissions to this position are subject to the use of AI to perform preliminary candidate screenings, focused on ensuring minimum job requirements noted in the position are satisfied. Further assessment of candidates beyond this initial phase within Vaco/Highspring will be otherwise assessed by recruiters and hiring managers. Vaco/Highspring does not have knowledge of the tools used by its clients in making final hiring decisions and cannot opine on their use of AI products., Vaco by Highspring and its parents, affiliates, and subsidiaries ("we," "our," or "Vaco by Highspring") respects your privacy and are committed to providing transparent notice of our policies.

• California residents may access Vaco by Highspring HR Notice at Collection for California Applicants and Employees here.
• Virginia residents may access our state specific policies here.
• Residents of all other states may access our policies here.
• Canadian residents may access our policies in English here and in French here.
• Residents of countries governed by GDPR may access our policies here.

• Must be a senior Application Security Architect capable with experience standing up an AppSec program from scratch; strong communicator; hands-on and strategic
• 10 years AppSec experience; deep understanding of common vulnerabilities (XSS, CSRF, SQL Injection); experience building AppSec programs.
• Experience with any of the following: C#, React, JavaScript, REST APIs
• Participation in OWASP, BSides, open-source security projects, etc
• The ability to effectively communicate security concepts to both technical and non-technical audiences.

Determining compensation for this role (and others) at Vaco by Highspring depends upon a wide array of factors including but not limited to:

• the individual's skill sets, experience and training;
• licensure and certification requirements;
• office location and other geographic considerations;
• other business and organizational needs.

With that said, as required by local law, Vaco by Highspring believes that the following salary range referenced above reasonably estimates the base compensation for an individual hired into this position in geographies that require salary range disclosure. The individual may also be eligible for discretionary bonuses.