Application Security Architect

Application Security Architect- Remote or Hybrid

We’re a leader in data and AI. Through our software and services, we inspire customers around the world to transform data into intelligence - and questions into answers.

If you're looking for a dynamic, fulfilling career with flexibility and a world-class employee experience, you'll find it here. We're recognized around the world for our inclusive, meaningful culture and innovative technologies by organizations like Fast Company, Forbes, Newsweek and more.

About the job

As an Application Security Architect within the Product Security Organization (PSO), you will be a key contributor to overall Product security. Successful candidates will partner within SAS helping to solve complex technical problems anywhere in the Software Development Lifecycle (SDLC) from architecture and design to deployment and operations. Technical security breadth and depth as well as clear, concise and effective communications are key – this role requires a diverse set of skills in systems architecture, software development, and security. Success will depend on your collaborative skills working toward the SAS goal of meeting legal, compliance, and customer security requirements as part of providing SAS customers with the most trustworthy solutions globally.

As a Application Security Architect- , you will:

• Work in active partnership with development teams in identifying and building solutions to secure code and the implementation of application vulnerability scanning and penetration testing contributing documentation, developer guidance and training, and repositories with examples of best practices in secure architecture, design, design, and operational patterns and practices.
• Perform risk based prioritized and periodic reviews of application architecture to identify security gaps and generally help improve the security posture of business-critical multi-tier applications in legacy, hybrid cloud, and public cloud environments.
• Work cross organizationally with engineering (security champions, architects, and developers) and operations to assist in the identification, risk assessment, and remediation of security issues, and Product Management to ensure security implementations are consistent business objectives and customer requirements ensuring alignment to SAS security standards, policies, and procedures and other global regulatory requirements.  
• Assist in the creation of dashboards and on-demand reporting of a product division’s security posture and make recommendations for improvements aligning to Secure by Default and Zero Trust principles. 
• Identify, train, and partner with divisional Security Champions in place with product architecture and engineering teams. Help champions assess and gauge risk to identify security gaps or seams in the products and integrated solutions.
• Collaborate with other teams within security to identify new tools and processes to integrate into the Secure SDLC. Recommend and promote software security policies, standards, and procedures that can improve the global security posture of the company.
• Ensure all applicable security policies and processes are followed to support the organization's secure software development goals. Refer to GCF and include if security is listed.
• Embrace curiosity, passion, authenticity and accountability. These are our values and influence everything we do.

Required qualifications

• Bachelor's degree with major study in technical disciplines such as Electrical Engineering or Computer Science.
• 5+ years of secure software development, secure system architecture and design, or related experience.
• Demonstrated knowledge in securing enterprise web applications and the supporting systems and services as detailed by OWASP Top 10 for Web, CVSS, CWE/CVE, etc. extending to the effective remediation of issues surfaced by relevant SAST and DAST scanners and tooling.
• Demonstrated ability to provide guidance to development and hosting/operational teams on the effective remediation of issues surfaced by relevant SAST and DAST scanners and tooling, reported by customers, or findings from internal/external offensive security testing or compliance audits.
• An equivalent combination of related education, training and experience may be considered in place of the above qualifications.
• Equivalent combination of related education, training and experience may be considered in place of the above qualifications.

Additional competencies, knowledge and skills

• Technical Knowledge- Having achieved a satisfactory level of technical, functional, and/or professional skill or knowledge in position-related areas; keeping up with current developments and trends in areas of expertise; leveraging expert knowledge to accomplish results.
• Decision Making- Identifying and understanding problems and opportunities by gathering, analyzing, and interpreting quantitative and qualitative information; choosing the best course of action by establishing clear decision criteria, generating and evaluating alternatives, and making timely decisions; taking action that is consistent with available facts and constraints and optimizes probable consequences.
• Continuous Improvement- Originating action to improve existing conditions and processes; identifying improvement opportunities, generating ideas, and implementing solutions.
• 2+ years of experience in developing or adopting software security patterns and best practices.
• Demonstrated knowledge and willingness to learn security principles for Kubernetes, containers and micro-services, SaaS (public and private cloud deployments), ML, GenAI, and Agentic AI.
• Experience with programming languages such as: Java, C/C++, C#, Rust, Python, JavaScript, PHP, Golang, etc. Ability to review code or logic and be confident in giving prescriptive guidance to developers in security patterns and best practices.
• Active security certification: CISSP, CSSLP, CEH, CCSP, OSCP, etc. Knowledge of security best practices for regulated industries such as healthcare or financial services, and global privacy frameworks.

World-class benefits  

Highlights include...

• Comprehensive medical, prescription, dental and vision plans.
• Medical plan options include:
  • PPO with low annual deductible and copays.
  • HDHP combined with a health savings account with a contribution from SAS (no access to on-site health care center).
• Onsite Health Care Center (HQ) that’s free to employees and family members enrolled in the PPO plan. There's a pharmacy too! Not local to HQ? The pharmacy will ship prescriptions for no additional charge!
• An industry-leading 401k plan.
• Tuition Assistance Program and programs and resources to support your development
• Generous time away including vacation time, a variety of paid holidays, and our much-loved U.S. Winter Wellness Break between December 25 and January 1.
• Volunteer Time Off, parental leave and unlimited paid sick days.
• Generous childcare benefits for all full-time employees.

You are welcome here.

At SAS, it’s not about fitting into our culture – it’s about adding to it. We believe our people make the difference. Our inclusive workforce brings together unique talents and inspires teams to create amazing software that reflects the diversity of our users and customers.

Additional Information:

To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status. SAS is an equal opportunity employer. All qualified applicants are considered for employment without regard to any characteristic protected by law. Read more: Know Your Rights. 

Resumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.

SAS only sends emails from verified “sas.com” email addresses and never asks for sensitive, personal information or money. If you have any doubts about the authenticity of any type of communication from, or on behalf of SAS, please contact Recruitingsupport@sas.com.

Let's stay in touch! Join our Talent Community to stay up to date on company news, job updates and more.

#SAS