Job Description

Job Title: Application Security Architect – Threat Modeling

Location: Charlotte, NC | Raleigh, NC | Irving (Dallas), TX | Columbus, OH
Schedule: Hybrid (3 days onsite / 2 remote)
Duration: 12+ month contract (strong potential to extend)
Hours: M–F, standard business hours (flexible; earlier schedule in DFW)

Overview

We are seeking an experienced Application Security Architect (Threat Modeler) to support enterprise-scale security initiatives. This role focuses on deep, architecture-driven threat modeling across complex applications, platforms, and cloud environments.

You will partner closely with engineering and architecture teams to analyze system design, identify realistic attack paths, and recommend pragmatic, risk-based mitigations. This is a highly technical, hands-on role requiring strong system design knowledge—not just theoretical security expertise.

Key Responsibilities

• Perform architecture-driven threat modeling across enterprise applications and platforms
• Decompose systems into components, data flows, and trust boundaries
• Apply structured methodologies such as STRIDE, PASTA, or VAST
• Use tools such as ThreatModeler, OWASP Threat Dragon, or Microsoft TMT
• Identify, assess, and prioritize threats based on real-world risk and exploitability
• Validate security controls through architecture review, configurations, and code analysis
• Recommend practical, design-level mitigations aligned to business risk
• Document and present findings to engineering teams, leadership, and risk stakeholders
• Partner with cybersecurity and platform teams to improve security patterns and controls
• Manage multiple concurrent threat modeling efforts with strong delivery discipline

Required Qualifications

• 6+ years of experience in software engineering, systems architecture, or platform engineering
• 2+ years of experience in application security or threat modeling
• Hands-on experience with threat modeling methodologies (STRIDE, PASTA, VAST)
• Experience using threat modeling tools (ThreatModeler, OWASP Threat Dragon, Microsoft TMT)
• Strong understanding of:
  • Distributed systems / microservices architectures
  • Cloud platforms (AWS, Azure, or GCP)
  • Application security risks (auth flaws, trust boundaries, data handling)
• Ability to read and analyze code, configs, or IaC artifacts
• Scripting/automation experience (e.g., Python)
• Strong communication skills with ability to lead technical discussions

Preferred Qualifications

• Experience leading enterprise threat modeling programs
• Background in cloud-native or event-driven architectures
• Exposure to AI/GenAI systems security
• Familiarity with Threat Modeling as Code (TaaC)
• Security or cloud certifications (CISSP, CCSP, AWS/Azure/GCP)
• Experience in large, regulated enterprise environments

What Makes This Role Strong

• Heavy focus on real architecture analysis vs. checklist security
• High visibility with engineering and leadership teams
• Opportunity to influence enterprise-wide security patterns
• Work across modern cloud and distributed systems environments