**Job Title: Senior Application Security Architect** **Location: Rockville, MD/ McLean, VA** **Overview** The **Senior Application Security Architect** is responsible for designing, implementing, and governing **enterprise‑wide application security architecture and standards** . This role focuses on defining security frameworks, performing architecture reviews, establishing security baselines, and leading strategic security initiatives with broad organizational impact. This position requires a strong combination of **technical expertise, architectural vision, and leadership** , with the ability to embed security throughout the **software development lifecycle (SDLC)** . The ideal candidate is adaptable, able to manage multiple priorities simultaneously, and brings a proactive, collaborative, and positive approach to complex security challenges. **Key Responsibilities** + Design and establish **enterprise application security architecture frameworks** and reference models aligned with business objectives and risk tolerance + Lead **architecture and design reviews** to identify security gaps and recommend appropriate mitigations + Develop and maintain **security baselines, standards, patterns, and reference architectures** across web, mobile, API, microservices, and modern deployment models + Create, evolve, and facilitate **threat modeling methodologies** (e.g., STRIDE, PASTA, OCTAVE) with engineering teams + Define **secure coding standards and security requirements** based on data classification and application risk profiles + Architect solutions for **authentication, authorization, encryption, and secure communication** + Establish **security guardrails** for cloud‑native, serverless, containerized, and infrastructure‑as‑code environments + Design and implement **API security strategies** , including OAuth/OIDC, API gateways, rate limiting, and access controls + Integrate security architecture principles into **CI/CD pipelines** to support DevSecOps initiatives + Evaluate and recommend **application security tools and technologies** (SAST, DAST, IAST, SCA) + Develop **security architecture roadmaps** and guide the implementation of future security capabilities + Partner with development teams to design secure solutions that balance **security, performance, and business needs** + Lead **enterprise‑wide strategic security initiatives** + Leverage **GenAI technologies** to enhance architecture reviews and automate aspects of security analysis + Maintain documentation for **security decisions, patterns, standards, and reference implementations** + Develop and deliver **security architecture training** to developers and architects + Stay current with **emerging threats, technologies, and architectural trends** + Perform **security design reviews** for new applications and major system changes + Architect **secure data handling practices** , including encryption at rest and in transit **Qualifications** + Bachelor’s degree in **Computer Science, Information Security, or a related technical discipline** + **5+ years** of experience in application security, including **2+ years in security architecture roles** + Strong knowledge of **secure design principles, threat modeling, and security architecture patterns** + Experience designing security controls for **cloud environments** (AWS, Azure, GCP) + Proficiency in evaluating and implementing **application security tools** (SAST, DAST, IAST, SCA) + Hands‑on experience with tools such as **Burp Suite, OWASP ZAP** , or similar testing platforms + Strong understanding of **OWASP Top 10, SANS CWE** , and common vulnerability patterns + Experience implementing **secure SDLC and DevSecOps practices** + Knowledge of **authentication and authorization mechanisms** (MFA, SSO, OAuth 2.0, SAML, OIDC) + Experience with **secure API design, microservices, containerization, and cloud‑native architectures** + Proficiency in at least one programming language ( **Java, Python, or JavaScript preferred** ) + Experience with **secure code review** and vulnerability identification + Knowledge of **cryptographic protocols and secure implementations** + Experience securing modern application architectures (SPA, serverless, distributed systems) + Excellent communication skills with the ability to explain complex security concepts to both technical and non‑technical audiences + Proven experience leading **cross‑functional security initiatives** and influencing stakeholders + Industry certifications such as **CISSP, CSSLP, or AWS Security Specialty** are highly desirable If this is a role that interests you and you’d like to learn more, click apply now and a recruiter will be in touch with you to discuss this great opportunity. We look forward to speaking with you! **About ManpowerGroup, Parent Company of:** **Manpower, Experis, Talent Solutions, and Jefferson Wells** _ManpowerGroup® (NYSE: MAN), the leading global workforce solutions company, helps organizations transform in a fast-changing world of work by sourcing, assessing, developing, and managing the talent that enables them to win. We develop innovative solutions for hundreds of thousands of organizations every year, providing them with skilled talent while finding meaningful, sustainable employment for millions of people across a wide range of industries and skills. Our expert family of brands –_ **_Manpower, Experis, Talent Solutions, and Jefferson Wells_** _–_ creates substantial value for candidates and clients across more than 75 countries and territories and has done so for over 70 years. We are recognized consistently for our diversity - as a best place to work for Women, Inclusion, Equality and Disability and in 2022 ManpowerGroup was named one of the World's Most Ethical Companies for the 13th year - all confirming our position as the brand of choice for in-demand talent. ManpowerGroup is committed to providing equal employment opportunities in a professional, high quality work environment. It is the policy of ManpowerGroup and all of its subsidiaries to recruit, train, promote, transfer, pay and take all employment actions without regard to an employee's race, color, national origin, ancestry, sex, sexual orientation, gender identity, genetic information, religion, age, disability, protected veteran status, or any other basis protected by applicable law.