Application Security Architect – Threat Modeling
Location: Charlotte, NC; Raleigh, NC; Irving (Dallas), TX; Columbus, OH
Schedule: Hybrid (3 days onsite / 2 remote)
Duration: 12+ month contract (strong potential to extend)
Hours: M–F, standard business hours (flexible; earlier schedule in DFW)
Overview
We are seeking an experienced Application Security Architect (Threat Modeler) to support enterprise-scale security initiatives. This role focuses on deep, architecture-driven threat modeling across complex applications, platforms, and cloud environments.
You will partner closely with engineering and architecture teams to analyze system design, identify realistic attack paths, and recommend pragmatic, risk-based mitigations. This is a highly technical, hands-on role requiring strong system design knowledge—not just theoretical security expertise.
Key Responsibilities
Perform architecture-driven threat modeling across enterprise applications and platforms
Decompose systems into components, data flows, and trust boundaries
Apply structured methodologies such as STRIDE, PASTA, or VAST
Use tools such as ThreatModeler, OWASP Threat Dragon, or Microsoft TMT
Identify, assess, and prioritize threats based on real-world risk and exploitability
Validate security controls through architecture review, configurations, and code analysis
Recommend practical, design-level mitigations aligned to business risk
Document and present findings to engineering teams, leadership, and risk stakeholders
Partner with cybersecurity and platform teams to improve security patterns and controls
Manage multiple concurrent threat modeling efforts with strong delivery discipline
Required Qualifications
6+ years of experience in software engineering, systems architecture, or platform engineering
2+ years of experience in application security or threat modeling
Hands-on experience with threat modeling methodologies (STRIDE, PASTA, VAST)
Experience using threat modeling tools (ThreatModeler, OWASP Threat Dragon, Microsoft TMT)
Strong understanding of distributed systems / microservices architectures, cloud platforms (AWS, Azure, or GCP), and application security risks (auth flaws, trust boundaries, data handling)
Ability to read and analyze code, configs, or IaC artifacts
Scripting/automation experience (e.g., Python)
Strong communication skills with ability to lead technical discussions
Preferred Qualifications
Experience leading enterprise threat modeling programs
Background in cloud-native or event-driven architectures
Exposure to AI/GenAI systems security
Familiarity with Threat Modeling as Code (TaaC)
Security or cloud certifications (CISSP, CCSP, AWS/Azure/GCP)
Experience in large, regulated enterprise environments
What Makes This Role Strong
Heavy focus on real architecture analysis vs. checklist security
High visibility with engineering and leadership teams
Opportunity to influence enterprise-wide security patterns
Work across modern cloud and distributed systems environments