Senior Application Security Architect
Job description
TL;DR
Senior Application Security Architect (Application Security): Guide security initiatives across products by establishing defense-in-depth while enabling secure interoperability, with an emphasis on secure integration patterns, threat modeling, and platform-level security governance. Focus on designing secure cross-product communication, coordinating security testing, and translating critical risks into business-relevant remediation paths.
Location: Portugal Remote
Company
is a Vertical AI SaaS company delivering industry cloud solutions in collaboration with Microsoft.
What you will do
- Establish and enforce secure design patterns, reference architectures, and integration standards for cross-product interoperability.
- Perform security risk evaluations during design using threat modeling and drive remediation of identified issues.
- Act as the security stakeholder for platform integrations (shared identity services, API gateways, event buses, and data exchange layers).
- Coordinate security testing for platform components and cross-product interactions.
- Develop application security standards, guidelines, and secure coding practices and drive their implementation in platform components.
- Partner with legal and compliance teams to meet regulatory requirements (SOC 2, GDPR, HIPAA, PCI-DSS) without breaking interoperability goals.
Requirements
- 8+ years of experience in application security, software engineering, or related fields, including at least 3 years in an architecture role or senior individual contributor role.
- Deep expertise in application security concepts: authentication/authorization, cryptography, input validation, API security, secrets management, and secure design principles.
- Experience designing secure integration/interoperability patterns across distributed systems (microservices, REST/GraphQL APIs, event-driven architectures).
- Proficiency with threat modeling methodologies (STRIDE, PASTA, or equivalent) and security architecture review processes.
- Hands-on experience with application security tooling: SAST, DAST, SCA, container scanning, and secrets detection.
- Proficiency in at least one of: .NET, Java, or JavaScript; familiarity with cloud infrastructure security (AWS, Azure, or GCP).
Culture & Benefits
- Hybrid work system with agile and flexible hours.
- Competitive base pay with performance-based variable pay; equity/stock in .
- One-time home office stipend; meal allowance; reimbursement for training/continuing education.
- Generous paid parental leave (including adoptive leave) plus paid sick days and other leave types.
- Opportunity to travel to other development centers for product training and cross-site collaboration.
Hiring process
- Interview process typically consists of 3+ virtual or in-person meetings.
- Communication is handled via company recruiter contact and company email addresses.