Application Security Architect

Altec Inc.
Kansas City, United States of America
11 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Kansas City, United States of America

Tech stack

Java
JavaScript
API
Agile Methodologies
Amazon Web Services (AWS)
Software System Penetration Testing
User Authentication
Azure
C Sharp (Programming Language)
Software as a Service
Cloud Computing
Cloud Computing Security
Cloud Engineering
Code Review
Computer Security
Continuous Integration
Corona (Software Development Kit)
Distributed Systems
Information Systems Security Architecture Professional
Python
Networking Basics
OAuth
Open Source Technology
OpenID
Open Web Application Security
Systems Development Life Cycle
JSON Web Token
Security Assertion Markup Language (SAML)
Secure Coding
Software Licensing Audit
Software Engineering
Software Vulnerability Management
Spring Cloud
Software Security
Technical Debt
Cloudformation
GWAPT
Terraform
Oracle Cloud Infrastructure
Devsecops
Serverless Computing
Docker
Static Application Security Testing
Vulnerability Analysis
Microservices
Dynamic Application Security Testing

Job description

The Application Security Architect partners with software development, platform, cybersecurity, and cloud engineering teams to embed security throughout the modern software development lifecycle (SDLC). This role focuses on secure-by-design practices, DevSecOps strategy, roadmap and enablement, and risk-based vulnerability management across internally developed, third-party, SaaS, and cloud-native applications. The AppSec Architect serves as the strategic owner of the Application Security Roadmap, defines target-state AppSec maturity aligned to business growth, and prioritizes AppSec investments and tooling rationalization. The role serves as a trusted advisor to development teams and the key contributor to the organization's overall Secure Software Development Program.

Secure SDLC & DevSecOps

  • Embed application security controls into CI/CD pipelines, including automated SAST, DAST, IAST, SCA, secrets detection, and IaC scanning.
  • Establish standardized security controls across platforms.
  • Design exceptions and compensating controls.
  • Partner with development teams to implement shift-left security while maintaining delivery velocity.
  • Define and maintain secure coding standards, security design patterns, and reference architectures.
  • Participate in architecture and design reviews, including threat modeling for new applications and major changes.
  • Perform research and development (R&D) into existing processes and tooling opportunities.

Application & Cloud Security Assessment

  • Identify and assess security risks in web, mobile, API, SaaS, and cloud-native applications developed internally or by third parties.
  • Perform or coordinate:
      • Source code reviews (manual and automated)
      • Application vulnerability assessments and penetration tests
      • API and microservices security testing & analysis
      • Cloud configuration and IaC security reviews
  • Validate findings, reduce false positives, and prioritize remediation based on business risk.
  • Establish reusable security architecture patterns for cloud-native and distributed systems.

Vulnerability & Risk Management

  • Manage application security findings through a centralized vulnerability or risk management platform.
  • Work with development teams to define practical, risk-based remediation guidance.
  • Track remediation progress, verify fixes, and support exception/risk acceptance processes.
  • Contribute to application security metrics, KPIs, and executive-level reporting.
  • Translate technical debt and vulnerabilities into business risk and exposure.

Open Source & Supply Chain Security

  • Assess and manage risks related to open-source dependencies, libraries, and third-party components.
  • Support Software Composition Analysis (SCA) and software supply chain security initiatives (e.g., dependency hygiene, SBOMs).
  • Evaluate the security posture of third-party applications and vendors in collaboration with the risk management team.
  • Verify compliance with third-party component licensing models.

Software Compliance

  • Lead software compliance activities related to application vulnerabilities, data exposure, or insecure design.
  • Support application-related forensic analysis and root-cause investigations.
  • Assist with compliance and assurance activities related to secure development (e.g., NIST, ISO, SOC, internal audits).

Enablement & Education

  • Develop and deliver application security training for developers and the cybersecurity team.
  • Provide hands-on guidance and documentation to improve developer security maturity.
  • Act as a security champion advocate, helping teams make informed security decisions.

Requirements

  • High School Diploma/GED Required
  • Bachelor's Degree (Technical Degree Preferred) and 6 Years Relevant Experience OR 8 Years Relevant Experience
  • 12+ years of combined experience across software engineering, platform/cloud engineering, application security, & DevSecOps / SRE with strong cybersecurity ownership preferred
  • 5+ years in hands-on software engineering or platform/cloud engineering preferred
  • 7+ years in application security, DevSecOps, or secure architecture preferred
  • Strong understanding of modern SDLCs, Agile, and CI/CD practices.
  • Hands-on experience with at least one major programming language (e.g., Java, C#, Python, JavaScript).
  • Practical knowledge of:
      • Web, mobile, and API security
      • Authentication and authorization models (OAuth2, OIDC, JWT, SAML)
      • OWASP Top 10 and API Top 10
  • Familiarity with cloud platforms (AWS, Azure, and/or OCI) and cloud-native services.
  • Working knowledge of networking fundamentals, encryption, and secure communications.
  • Excellent written and verbal communication skills, with the ability to translate security risk into business impact.

Preferred / Beneficial Qualifications

  • Experience with application security tools such as SAST, DAST, IAST, SCA, secrets scanning, or IaC security platforms.
  • Experience securing containers, Docker, and serverless workloads.
  • Knowledge of Infrastructure as Code frameworks (e.g., Terraform, CloudFormation).
  • Familiarity with threat modeling frameworks (e.g., STRIDE).
  • Security or development certifications such as:
      • CSSLP, CISSP, GWAPT, GWEB, OSWE, or equivalent
      • Cloud security certifications (AWS, Azure, or GCP)

Behavioral & Professional Expectations

  • Strong collaboration skills; ability to influence without authority.
  • Comfortable balancing security risk with business and delivery priorities.
  • Highly organized, detail-oriented, and self-directed.
  • Customer-service mindset toward internal development teams.
  • Ability to remain effective in fast-paced, evolving technical environments.
  • Commitment to confidentiality, ethical conduct, and continuous improvement.

Benefits & conditions

Altec offers a competitive salary that rewards performance and dedication, along with a comprehensive benefits package that includes:

  • Medical, Dental, Vision and Prescription Drug Program
  • Retirement 401(k) Traditional or Roth Program Options with Company Match
  • Vacation and Holidays
  • Parental Leave
  • Short Term and Long Term Disability Leave
  • Flexible Spending Accounts
  • Tuition Assistance Program
  • Employee Assistance and Mental Health/Substance Abuse Program
  • Life Insurance, Accidental Death and Dismemberment Insurance
  • Supplemental Insurance including Hospital Indemnity, Critical Illness and Accident Insurance
  • Additional Wellness Programs and Rewards Available

About the company

If you're considering a career with Altec, there's never been a better time to join us! Our company was founded on values that place the customer first and prioritize our people as our greatest strength. Over the years, those values and our talented associates have helped us to earn the trust and confidence of customers worldwide. Today, Altec is an innovative, financially sound company that sets the standard of excellence in design, manufacturing and service - and that's why we're the ideal place for you to grow your career.

Founded in 1929, Altec is a privately held company headquartered in Birmingham, Alabama. Altec specializes in the manufacture, sale and service of aerial devices, digger derricks, cranes and specialty equipment for the electric utility, telecommunications, tree care, construction, and light and signs markets. We help our customers dig deeper and reach higher in more than 100 countries around the world.

EEO Statement

Altec Industries, Inc. and its affiliates are equal opportunity employers and maintain affirmative action plans to recruit, retain, develop, and promote qualified individuals without unlawful consideration of race, gender, color, religion, sexual orientation, gender identity, national origin, age, disability, citizenship status, veteran status, or any other characteristic protected by federal, state or local law. Altec strives to maintain a work environment free from unlawful discrimination and harassment, where associates are treated with respect and dignity.
