Job Description
The Application Security Architect at Alarm.com is responsible for leading application security efforts across various systems, including mobile, cloud, IoT, and AI, by performing threat modeling, code reviews, vulnerability management, and integrating security practices into the development lifecycle to ensure the creation of secure software.
Key Responsibilities
- Lead vulnerability management by triaging and tracking findings from security tools and external sources, and prioritizing remediation with engineering teams.
- Integrate security practices into the software development lifecycle and influence tooling and automation for application security.
- Conduct threat modeling and participate in design reviews to ensure security best practices are applied during system and feature development.
- Perform deep code reviews of high-risk components, APIs, and authentication flows, coordinating with penetration testers and compliance teams.
- Partner with teams adopting AI and LLM systems to ensure secure design, data protection, and mitigate AI-specific security risks.
- Build and maintain security automation within CI/CD pipelines to improve detection, validation, and remediation workflows.
- Provide secure coding guidance, deliver training, and assist engineering teams in adopting security controls and testing practices.
- Advise on application security in cloud-native environments and provide security guidance for IoT devices and platform components.
- Translate security policies and compliance requirements into practical developer guidance and support audit activities.
- Collaborate with InfoSec during security incidents, maintaining runbooks and contributing to post-incident reviews.
Requirements
- Ten (10) years of experience in application security, software engineering, or related technical security roles, with a minimum of eight (8) years acceptable for exceptionally strong candidates.
- Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering, or a related field, or equivalent work experience.
- Proficiency in at least one programming language such as Python, JavaScript, or C, and the ability to navigate large, complex codebases.
- Knowledge of application security best practices across both cloud and on-premises environments, including cloud-hosted Kubernetes and related cloud services.
- Hands-on experience with Application Security (AppSec) tooling and techniques such as SAST, DAST, SCA, IAST, WAF, etc.
- Strong understanding of vulnerabilities, exploitability, and security principles, including OWASP Top 10 and secure design patterns.
- Experience with CI/CD pipelines and DevSecOps practices.
- Demonstrated ability to influence engineering teams and drive security outcomes without relying on authority.
- Strong analytical thinking and practical problem-solving skills, with a balanced approach to technical risk.
- Excellent written and verbal communication skills, capable of explaining complex security issues to both technical and non-technical audiences.
Benefits & Perks
Competitive pay and benefits
Subsidized medical plan options
HSA with generous company contribution
401(k) with employer match
Paid holidays
Wellness time
Vacation increasing with tenure
Paid maternity and bonding leave
Company-paid disability and life insurance
FSAs (Flexible Spending Accounts)
Well-being resources and activities
Casual dress work environment
Ready to Apply?
Join Alarm.com and make an impact in renewable energy
Stay Updated on Sustainability Jobs
Get the latest renewable energy jobs and career tips delivered to your inbox.
Job Alerts
Get notified about new sustainability jobs