Senior Application Security Architect
Top focus
Who We Are Looking For We are looking for a Senior Application Security Architect. You will be responsible for designing, reviewing, and governing security architectures for enterprise applications, APIs, cloud-native platforms, and AI-enabled systems.
You will partner with software engineering, data science, cloud engineering, cybersecurity, and business teams to ensure security is embedded throughout the software and AI development lifecycles. Why This Role Is Important To Us The team you will be joining is part of the Security Architecture organization, a function that is critical to protecting the firm's applications, AI capabilities, data, and digital platforms.
As applications increasingly leverage AI and machine learning technologies, this role is responsible for ensuring secure-by-design principles are applied consistently across traditional applications, cloud-native services, APIs, and AI-powered solutions.
What You Will Be Responsible For As a Senior Application Security Architect, you will: Design and review secure architectures for enterprise applications, APIs, cloud-native platforms, AI-enabled systems, and emerging technologies. Define and maintain application security and AI security standards, architecture patterns, and security requirements.
Conduct security architecture reviews, threat modeling exercises, and design assessments for applications, APIs, and AI solutions. Partner with application development, cloud engineering, AI engineering, and cybersecurity teams to embed security controls throughout the software and AI development lifecycles.
Provide subject matter expertise in secure coding, application security testing, API security, authentication, authorization, AI security, and data protection. Assess security risks associated with applications, AI models, training data, prompts, agents, integrations, and third-party AI services.
Drive adoption of secure-by-design, Zero Trust, DevSecOps, and AI security best practices across the enterprise. Evaluate emerging application security and AI security threats, technologies, and industry standards. What We Value These skills will help you succeed in this role: Deep expertise in application security, secure software development, and modern application architectures.
Strong understanding of AI/ML security risks, Large Language Models (LLMs), agentic AI systems, prompt injection, model misuse, and AI supply chain security. Experience securing cloud-native applications, APIs, microservices, containers, Kubernetes, and AI-enabled platforms.
Strong analytical, problem-solving, and risk assessment skills with the ability to evaluate both traditional and AI-specific security threats. Strong communication and stakeholder management skills with the ability to collaborate across architecture, engineering, cybersecurity, cloud, and data science teams.
Education & Preferred Qualifications Degree in Computer Science, Cybersecurity, Information Technology, Engineering, Data Science, or a related discipline. 14 years or more of experience in application security, software engineering, security architecture, AI security, or related technology disciplines with at least 8 years of hands-on cybersecurity experience preferred.
Demonstrated experience designing and securing enterprise-scale applications across cloud, SaaS, hybrid, and on-premises environments. Deep expertise in secure software development lifecycle (SSDLC), OWASP Top 10, API security, secure coding practices, and application security testing methodologies.
Strong understanding of AI/ML architectures, LLMs, Retrieval-Augmented Generation (RAG), agentic systems, model security, prompt security, and responsible AI principles. Experience with cloud-native technologies, containers, Kubernetes, CI/CD pipelines, DevSecOps practices, and Infrastructure as Code (IaC).
Experience conducting threat modeling, architecture reviews, penetration test remediation, and risk assessments for applications and AI-enabled solutions. Familiarity with SAST, DAST, IAST, software composition analysis (SCA), API security testing, model validation, and AI security assessment techniques.
Professional certifications such as CISSP, CSSLP, CCSP, TOGAF, SABSA, AWS Security Specialty, Azure Security Engineer, AI Security, or equivalent certifications are highly desirable. Experience within financial services or other highly regulated industries is preferred.
Additional Requirements Experience supporting enterprise application modernization, cloud transformation, DevSecOps, and AI adoption initiatives. Ability to work effectively with application development, AI engineering, cloud engineering, architecture, and cybersecurity teams in a global environment.
Limited travel may be required based on business needs. Work Requirement Hybrid: Expected to work in accordance with State Street's hybrid work model. Shift: Standard business hours with flexibility to support global stakeholders across multiple time zones.
Salary Range: $120,000 - $202,500 Annual The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ. Employees are eligible to participate in State Street’s comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.
For a full overview, visit https://hrportal.ehr.com/statestreet/Home . About State Street Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.
We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you’ll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most.
Join us in shaping the future. As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.
Discover more information on jobs at StateStreet.com/careers Read our CEO Statement Job Application Disclosure: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment.
An employer who violates this law shall be subject to criminal penalties and civil liability.