Application Security Architect

Job Description

Job Title: Principal Application Security Architect - 861. Location: Broomfield, Colorado, USA

Responsibilities:

Hands-on Engineering & Security Assessment

• Perform manual code reviews to identify logic flaws and security vulnerabilities that automated tools may miss.
• Lead threat modeling exercises for complex systems and applications.
• Conduct technical security testing of web applications, APIs, and cloud environments.
• Validate security controls and defensive mechanisms through targeted assessments.

Governance & Security Tooling

• Architect, manage, and optimize enterprise security scanning platforms.
• Configure and tune SAST, DAST, and dependency scanning tools to improve detection quality.
• Design and maintain security controls within CI/CD pipelines;
• Review pull requests and collaborate with engineering teams to ensure secure implementation of fixes.

Risk Management & Compliance

• Define secure architecture standards for authentication, encryption, and data protection.
• Ensure compliance with security and regulatory frameworks including CIS CSC18, NIST CSF, ISO 27001, GDPR, and SOC 2.
• Develop vulnerability prioritization standards based on exploitability and business impact.
• Establish and maintain secure development practices across the organization.

Collaboration & Technical Leadership

• Partner with product, engineering, and architecture teams to design secure applications and systems.
• Serve as the organization's primary application security subject matter expert;
• Advise teams on modern attack techniques, secure coding practices, and defensive strategies.
• Communicate technical risks and vulnerabilities to both technical and executive stakeholders.

Continuous Improvement

• Monitor emerging cybersecurity threats, vulnerabilities, and technologies.
• Drive automation initiatives in security testing and monitoring;
• Contribute to the evolution of enterprise application security strategy.
• Mentor engineers and promote security best practices across the organization.

Qualifications:

• Bachelor's degree required.
• Minimum 10 years of experience in application security, penetration testing, or secure software development.
• Minimum 5 years of hands-on software engineering experience.
• Strong understanding of application security principles and secure development practices.
• Must qualify as a U.S. Person, including:
  • U.S. Citizen
  • Permanent Resident (Green Card Holder)
  • Individual granted asylum or refugee status
• Due to U.S. government security requirements, candidates must not be nationals of the People's Republic of China or Russia unless they are also U.S. citizens.

Preferred:

• Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field.
• Strong knowledge of OWASP Top 10, SANS CWE, and secure coding practices;
• Proficiency in at least two modern programming languages such as Java, Python, JavaScript, or Go.
• Experience implementing and managing enterprise-scale SAST and DAST programs.
• Expertise in cloud-native security across AWS, Azure, or Google Cloud Platform.
• Professional certifications such as:
  • CISSP
  • CSSLP
  • OSCP
  • GWAPT
• Excellent analytical, communication, collaboration, and problem-solving skills.

Benefits and Compensation:

• Salary Range: $184,000 - $230,000 per year
• Incentive eligible compensation package with bonus opportunities.

• Flexible work schedule.
• Employer-subsidized medical, dental, and vision insurance.
• 401(k) retirement savings plan.
• Student loan repayment matching benefit.
• Equity opportunities.
• 12 paid holidays annually;
• Generous vacation and sick leave.
• Paid parental leave.
• Employee discount programs.

Other Information:

• Applications are accepted on an ongoing basis.
• No application deadline has been specified.
• Quantinuum is an Equal Opportunity Employer committed to diversity and inclusion;
• AI tools may be used during portions of the recruitment process, but all hiring decisions are made by human reviewers.
• Employment is subject to applicable U.S. government and contractual requirements.