Job Description
The Application Security Architect at Alarm.com is responsible for leading application security efforts across diverse systems, including mobile, cloud, IoT, and AI, by conducting threat modeling, code reviews, vulnerability management, and integrating security practices into the development lifecycle to ensure the creation of secure software.
Key Responsibilities
- Lead vulnerability management by triaging and tracking findings from security tools and external sources, prioritizing remediation based on risk.
- Integrate security practices into the software development lifecycle and influence tooling and automation strategies.
- Conduct threat modeling and participate in design reviews to ensure security best practices are applied during system and feature development.
- Perform deep security reviews of high-risk code components and coordinate with testing teams to ensure comprehensive coverage.
- Partner with teams adopting AI and LLM systems to ensure secure design, data protection, and safe integration.
- Build and maintain security automation within CI/CD pipelines to improve detection, validation, and remediation workflows.
- Provide security guidance and training to engineering teams on secure coding, development practices, and security controls.
- Advise on application security in cloud-native environments and IoT device platforms.
- Translate security policies into practical developer guidance and support compliance activities.
- Collaborate with InfoSec during security incidents, maintaining runbooks and contributing to post-incident reviews.
Requirements
- Ten (10) years of experience in application security, software engineering, or related technical security roles, with a minimum of eight (8) years acceptable for exceptionally strong candidates.
- Proficiency in at least one programming language such as Python, JavaScript, or C, and the ability to navigate large, complex codebases.
- Knowledge of application security best practices across both cloud and on-premises environments, including cloud-hosted Kubernetes and related cloud services.
- Hands-on experience with Application Security (AppSec) tooling and techniques such as SAST, DAST, SCA, IAST, and Web Application Firewall (WAF).
- Strong understanding of vulnerabilities, exploitability, and security principles, including OWASP Top 10 and secure design patterns.
- Experience with CI/CD pipelines and DevSecOps practices.
- Demonstrated ability to influence engineering teams and drive security outcomes without relying on authority.
- Strong analytical thinking and practical problem-solving skills, with a balanced approach to technical risk.
- Excellent written and verbal communication skills, capable of explaining complex security issues to both technical and non-technical audiences.
- Ability to perform deep, targeted reviews of high-risk code paths, APIs, authentication and authorization flows, and sensitive components.
- Experience collaborating with Penetration Testers, Red Teams, and Compliance teams to ensure holistic security coverage.
- Partnering with teams adopting AI and LLM-based systems to ensure secure design, model and data protection, prompt input validation, and safe integration patterns, including assessing and mitigating risks related to data leakage, model behavior, supply chain concerns, and emerging AI security threats.
- Build and maintain security automation integrated into CI/CD pipelines to automate detection, validation, and developer-friendly remediation workflows.
- Serve as a domain expert and partner to engineering teams by delivering workshops, providing secure coding guidance, and helping teams adopt effective security controls and testing practices.
- Advise on application layer security in cloud-native environments, including identity management, secrets management, network exposure, and service-to-service authentication.
- Provide security guidance for IoT devices and platform components, including OSS dependency risk analysis and security considerations for legacy or constrained devices.
- Translate policy and compliance requirements into practical guidance for developers, contribute to policy evolution, and support audit activities as needed.
- Collaborate with InfoSec during security incidents and investigations, maintaining and evolving runbooks, and contributing to post-incident reviews to drive systemic improvements.
- Sponsorship of new applicants for employment authorization or other immigration-related support is not available for this position.
Benefits & Perks
- Competitive pay and benefits including subsidized medical plan options
- HSA with generous company contribution
- 401(k) plan with employer match
- Paid holidays, wellness time, and vacation increasing with tenure
- Paid maternity and bonding leave
- Company-paid disability and life insurance
- FSAs (Flexible Spending Accounts)
- Well-being resources and activities
- Casual dress work environment