Principal Engineer, AppSec Architect

We need a leader to develop and improve our service offerings in threat modeling, security architecture reviews and secure design solutions. 

Aspect Security is seeking an experienced Application Security Architect. In this role, you will assist organizations in creating and improving the security of their applications. You’ll educate clients on how to develop a security mindset throughout their entire SDLC – from concept to testing to implementation.

Internally, you will lead the effort to develop and improve our service offerings in threat modeling, security architecture review and secure design solutions.

All of our principal engineers are hands-on. They execute client projects, mentor colleagues and collaborate with sales and marketing. You’ll need to balance developing our service offerings with client and business needs.

Why Join Aspect?

  • We have an amazing team. We cannot say enough great things about our staff – they are smart, funny and energetic.
  • At Aspect we trust our employees to make smart decisions.  You'll be empowered to take the initiative on some of the largest and most complex application security projects in the world. 
  • While this position does require up to 50% travel, Aspect works hard to enable work/life balance and flexibility for employees. 

Key Responsibilities

  • Develop key elements and requirements of our service offerings in threat modeling, security architecture review and secure design solutions.
  • Lead strategic client projects focusing on threat modeling, security architecture review and secure design projects.
  • Work in a team environment, collaborating with colleagues and subject matter experts to manage complex client projects.
  • Clearly communicate internally and externally, in technical reports, project read-outs and presentations.
  • Mentor fellow engineers in security architecture concepts.
  • Support pre-sales and scoping calls with clients.
  • Develop clearly defined statements of work that describe project elements and effort level required.
  • Assist in hiring, onboarding and mentoring engineers, especially junior engineers.
  • Evangelize application security in DevOps through conference presentations, meetups, and publications.


  • A deep understanding of application security and how to design a solution for an organization from scratch or to improve an existing architecture – from threat modeling to implementation and verification guidance.
  • Experience managing large client engagements with multiple technical contributors.
  • Experience in secure development practices and techniques, including the OWASP Top Ten.
  • Experience with Threat Modeling Concepts (STRIDE, DREAD, etc.)
  • Familiarity and experience designing secure solutions in a variety of enterprise IT components such as Single Sign On Solutions (SiteMinder, Gemalto, OAuth); Secure Data (Vormetric, CyberArk); Database Technologies (Oracle, MS SQL, MySQL, MongoDB, Hadoop); Java Technologies (Spring MVC, Struts, JSF); JavaScript Technologies (AnjularJS, GWT), .Net Technologies (MVC, WebForms); Cloud (AWS, Azure); Modern Service Technologies (Jersey, Node.js), Message Queues (MQSeries).
  • Excellent communication skills (verbal, written and presentation) and the ability to interface with both executive management and technical personnel.
  • Quick thinking and initiative: two of the most important qualities we look for in a candidate. You must be comfortable taking input from stakeholders and taking initiative without specific direction. You should be able to multi-task and work productively in high interrupt environment.
  • The ability to travel up to 50% of the time.


  • BS in Computer Science or equivalent required, MS preferred.  CISM, CISSP, CRSC, CSSLP or similar a plus.

 For immediate consideration, submit your resume via the form to your right or send your resume to


Please Note: Principals only please. Agency resumes are not accepted and will be considered unsolicited resumes that are not subject to placement fees.