Application Security Architect (F/M)

Location 92-HAUTS-DE-SEINE, France
Experience level Experienced Hire
Job details sector Information Technology
Apply before Date not available

Job Description:

This role will be responsible for providing strategic direction and subject matter expertise in desktop, web, mobile and cloud application security across the enterprise. Through close collaboration with solution developers, business analysts and managed service providers, the successful candidate will investigate global needs to adequately understand business requirements, with a view to producing application security solutions that meet current and future business needs. In addition to having a strong technical background, the successful candidate will be a strategic thinker capable of developing and implementing an effective application security framework - premised on best practices such as Secure SDLC, OWASP Top 10 and CWE Top 25 - for the organization.

The Application Security Architect will also provide leadership within the Group Security Architecture team on matters relating to Application Security and be responsible for the definition of the security architectures to be implemented. This is a role focused on people, process and necessary tools to support Secure SDLC for global applications and BB1 application development environment and technology operations. The role requires a grasp of application security principles and practices and a background working in an application development and coding environment within a business.


  • Build a very close working relationship with DevOps, application development and Group Security Assurance teams.
  • Provide strong leadership and cross-functional / stakeholder communications
  • Provide security design, consultancy, and assessment services while introducing improvements in technical security standards and security implementation designs/patterns;
  • Conduct gap analysis and develop a road map of the evolution of Application Security capabilities from its current to a target state that meets security, agility, usability and compliance requirements;
  • Work as the lead to design, implement and govern the overall security architecture of the products;
  • Develop application security strategy & roadmap, and coordinate execution within Group Security and with entities;
  • Align the secure development lifecycle to industry standards, including Microsoft SDL, OWASP development guides and privacy related topics;
  • Maintain documentation related to Application Security including the development of secure coding policies, procedures and standards, modification of the Secure Software Development Life Cycle (SSDLC) to include necessary security checkpoints, code review methodologies, etc.;
  • Perform proof-of-concept and proof-of-technology testing for integrating new 3rd party security products into the development and deployment processes;
  • Perform threat modelling and deliver guidance on countermeasures and threat mitigation techniques;
  • Determine security requirements by researching information security standards, vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates;
  • Design business appropriate and risk managed technology to meet the business needs and interface with business units regarding technical planning and application security topics;
  • Lead the integration of security engineering automation tools, such as SAST and IAST, into the CI/CD pipeline;
  • Develop and maintain security procedures and guidelines for the products;
  • Plan, coordinate, and lead teams with the design, integration, development, validation and implementation of specific security policies, systems and services;
  • Create application security advisory service; develop, publish and maintain secure coding practices; and produce platform specific security standards as required;
  • Define metrics that measure effectiveness of application security efforts;
  • Develop testing checklists and methodologies, clearly document and articulate information risks associated with identified software flaws, and provide detailed guidance on remediation;
  • Research, design and oversee implementation of application security technology solutions that meet organizational needs;
  • Identify and tailor application security requirements to solution development projects as required;
  • Develop reference Application and SaaS Security Architecture and ensure project and solutions delivery to that architecture;
  • Manage relationships and interactions with human resources, legal, customers and internal audit departments;
  • Attend design and application architectural reviews and actively lead discussions from a security standpoint. 

Minimum Experience & Qualifications: 

  • Minimum of 3+ years in the following security functional areas: application security, authentication and authorization, identity and access management, dynamic application security testing, static application security testing, Middleware security, data security, security monitoring or SSO/2FA security, vulnerability management;
  • Expertise in mitigating and addressing technology or application threat vectors;
  • Expertise in building a defence in depth infrastructure security architecture that includes security controls across multiple technology stacks;
  • Experience with Web Application Firewalls, Runtime Application Self-Protection (RASP), Reverse Proxies, and security assessment tools/methodology (network, systems, and application);
  • Solid knowledge and understanding of securing all major web server environments and cloud platforms based on OWASP top ten recommendations;
  • Demonstrated knowledge of regulatory and statutory compliance requirements across industries;
  • An Information Security and/or Web application security certification; e.g., SANS GWEB or GWAPT, CSSLP;
  • Familiarity with dynamic web application vulnerability scanning tools and services;
  • Familiarity with static code analysis tools and services;
  • Familiarity with high level programming languages;

Job Requirements:

  • Bachelor’s Degree in Computer Science or related field. Equivalent work experience will be considered;
  • 5-7 or more years of experience in a diversified IT or information security role is required;
  • 5 or more years of security design and architecture is preferred;
  • Excellent knowledge of secure software development lifecycle and practices is required;
  • Experience mitigating or advising on mitigation techniques for OWASP Top 10 and SANS/CWE Top 25 security vulnerabilities required;
  • Broad understanding of information security tenets and security architecture principles is required;
  • Experience developing strategies and roadmaps in line with best practices and proven frameworks is required;
  • Experience using static, dynamic and interactive application security testing tools is required;
  • Ability to thoroughly review technical design components to ensure alignment with security policies, standards and best practices is required;
  • Strong knowledge and understanding of current and emerging cyber security threats, vulnerabilities, trends and mitigations ranging across the technologies required to provide layered defence is required;
  • Must be able to represent cyber security viewpoint through excellent communication skills to both technical and non-technical audience;
  • Demonstrated ability to identify application security requirements and validate implementation of specified requirements into a robust architecture that sufficiently protects valuable digital resources is preferred;
  • Understanding of application threat modelling and SDLC security practices;
  • Curious, inquisitive, lifelong learner and self-starter;
  • Strong documentation skills in writing application security policies, procedures and standards;
  • Experience with agile software development methods using SCRUM preferred;
  • CISSP-CSSLP Certification preferred;
  • SANS GWAPT/GWEB certification is a plus;
  • Experience working with SAP and web applications preferred;
  • Active participation in cybersecurity forums/conventions, e.g. DEFCON, Black Hat. Public speaking is a plus;
  • Soft skills - effective communication (internal, customer, legal counsel), collaboration (internal, external), effective written skills (white papers, vulnerability specifications etc.), ability to manage oneself and push the security initiatives forward;
  • Clear on responsibilities yet flexible and willing to "carry water" during times of ambiguity;
  • Able to effectively give, receive, and respond to feedback.

Would you like to wake up every day driven and inspired by our noble mission and to work together as one global team to empower people to live a better life? Here at AXA we strive to lead the transformation of our industry. We are looking for talented individuals who come from varied backgrounds, think differently and want to be part of this exciting transformation by challenging the status quo so we can push AXA - a leading global brand and one of the most innovative companies in our industry - onto even greater things.

In a fast-evolving world and with a presence in 64 countries, our 165,000 employees and exclusive distributors anticipate change to offer services and solutions tailored to the current and future needs of our 107 million customers.

To support our business strategy and digital transformation, AXA is building a new Group Information Security Practice to ensure a coordinated response to the increasing cyber security threat, enable risk decisions to be made consistently across the organization and establish sustainable security capabilities that are integrated with the business.
Our vision for Information Security is to ‘protect our stakeholders by securing our information assets, managing our cyber risk and enabling business strategies in an efficient and effective way, fully supported by executive leadership and underpinned by all AXA employees’.

At AXA, we lead an HR policy that encourages diversity, maintains your professional and private life balance and accelerates skills and career development: promotion of diversity, remuneration policy, training programmes, ... Discover everything that makes AXA an employer of choice.
Whatever your job is, we strive to offer you career opportunities. Our goal is to develop your skills to support the transformation of our changing business.