Lead Enterprise AppSec Architect
Raymond James
•
St. Petersburg, FL
0
0
0
0
Not Applicable
Posted April 17, 2026
Job link
Thinking about this job
Responsibilities
Commitments
Responsibilities
- Lead secure design reviews and threat modeling exercises for new applications, features, and architectural changes, ensuring adherence to industry standards, regulatory requirements, and organizational security policies.
- Collaborate with development teams to identify and remediate vulnerabilities in application code and system designs, providing hands-on guidance and actionable recommendations.
- Create and maintain secure reference architectures to serve as a foundation for implementing secure systems, applications, and solutions aligned with the organization's specific needs and technologies.
- Act as a trusted advisor to development teams, integrating security considerations into the software development lifecycle and promoting secure coding practices.
- Assess conformance with architectural standards, focusing on reducing technical debt and optimizing enterprise assets such as systems, services, and information.
- Provide technical expertise on security matters, including encryption, identity and access management, and secure communication protocols.
- Stay current with emerging security threats, trends, and best practices, applying relevant insights to enhance the organization's security posture.
- Collaborate with cross-functional teams, including infrastructure, DevOps tooling, and compliance, to align security measures with organizational goals and ensure seamless integration.
- Support security incident response efforts by contributing architectural expertise and defense-in-depth strategies as needed.
- Perform other duties and responsibilities as assigned, including occasional non-standard shifts or on-call
Commitments
This position will follow our hybrid work model, we expect the selected candidate to be in office 10 days a month at one of the following office locations: St.
Petersburg, FL; Memphis, TN, Southfield MI
Perform other duties and responsibilities as assigned, including occasional non-standard shifts or on-call
The ability to quickly acquire relevant business acumen is essential.
Travel
Less than 25%
Workstyle
Hybrid
At Raymond James our associates use five guiding behaviors (Develop, Collaborate, Decide, Deliver, Improve) to deliver on the firm's core values of client-first, integrity, independence and a conservative, long-term view.
We Expect Our Associates At All Levels To
Not Met Priorities
What still needs stronger evidence
Requirements
- 7+ years of experience in an application security engineering or architecture role, with a demonstrated focus on secure design reviews, threat modeling, and vulnerability management.
- In-depth knowledge of web application security principles, secure coding practices, and addressing common vulnerabilities (e.g., OWASP Top 10).
- Proficiency in designing secure architectures for on-premises and cloud (e.g.
- AWS, Azure) environments.
- Strong understanding of OAuth, authentication, and authorization mechanisms, including multi-factor authentication, single sign-on, and emerging technologies like password-less authentication.
- Experience in encryption technologies, such as certificate-based and token-based cryptography.
- Familiarity with network protocols, topologies, incident response, and defense-in-depth strategies.
- Understanding of SAST, DAST, and SCA scanning tool capabilities.
- Experience integrating application security controls into automated CI/CD pipelines.
- Exceptional communication skills, capable of bridging the gap between technical and business stakeholders.
- The ability to quickly acquire relevant business acumen is essential.
- General Experience - 6 to 10 years, Manager Experience - 3 to 6 years
Preferred Skills
- AWS, Azure) environments.
- Experience in encryption technologies, such as certificate-based and token-based cryptography.
- Financial services experience is a plus but not required.
- The ability to quickly acquire relevant business acumen is essential.
Education
- (Required) – Bachelor’s: Computer and Information Science (Required), Bachelor’s: Information Technology
Job Description Summary
The Raymond James Enterprise Application Security Architecture team is seeking a Lead Security Architect to strengthen our organization’s security posture by focusing on secure design reviews, threat modeling, and vulnerability remediation. This role is integral to ensuring our applications and systems meet the highest security standards. The ideal candidate will be highly skilled in identifying, analyzing, and mitigating security risks, as well as collaborating with development teams to remediate vulnerabilities in both design and code effectively. Additionally, the position involves creating secure reference architectures informed by design reviews and industry best practices.
Job Description
This position will follow our hybrid work model, we expect the selected candidate to be in office 10 days a month at one of the following office locations: St. Petersburg, FL; Memphis, TN, Southfield MI
Responsibilities
Lead secure design reviews and threat modeling exercises for new applications, features, and architectural changes, ensuring adherence to industry standards, regulatory requirements, and organizational security policies.
Collaborate with development teams to identify and remediate vulnerabilities in application code and system designs, providing hands-on guidance and actionable recommendations.
Create and maintain secure reference architectures to serve as a foundation for implementing secure systems, applications, and solutions aligned with the organization's specific needs and technologies.
Act as a trusted advisor to development teams, integrating security considerations into the software development lifecycle and promoting secure coding practices.
Assess conformance with architectural standards, focusing on reducing technical debt and optimizing enterprise assets such as systems, services, and information.
Provide technical expertise on security matters, including encryption, identity and access management, and secure communication protocols.
Stay current with emerging security threats, trends, and best practices, applying relevant insights to enhance the organization's security posture.
Collaborate with cross-functional teams, including infrastructure, DevOps tooling, and compliance, to align security measures with organizational goals and ensure seamless integration.
Support security incident response efforts by contributing architectural expertise and defense-in-depth strategies as needed.
Perform other duties and responsibilities as assigned, including occasional non-standard shifts or on-call
Skills
7+ years of experience in an application security engineering or architecture role, with a demonstrated focus on secure design reviews, threat modeling, and vulnerability management.
In-depth knowledge of web application security principles, secure coding practices, and addressing common vulnerabilities (e.g., OWASP Top 10).
Proficiency in designing secure architectures for on-premises and cloud (e.g. AWS, Azure) environments.
Strong understanding of OAuth, authentication, and authorization mechanisms, including multi-factor authentication, single sign-on, and emerging technologies like password-less authentication.
Experience in encryption technologies, such as certificate-based and token-based cryptography.
Familiarity with network protocols, topologies, incident response, and defense-in-depth strategies.
Understanding of SAST, DAST, and SCA scanning tool capabilities.
Experience integrating application security controls into automated CI/CD pipelines.
Exceptional communication skills, capable of bridging the gap between technical and business stakeholders.
Financial services experience is a plus but not required.
The ability to quickly acquire relevant business acumen is essential.
Education
Bachelor’s: Computer and Information Science (Required), Bachelor’s: Information Technology
Work Experience
General Experience - 6 to 10 years, Manager Experience - 3 to 6 years
Certifications
Travel
Less than 25%
Workstyle
Hybrid
At Raymond James our associates use five guiding behaviors (Develop, Collaborate, Decide, Deliver, Improve) to deliver on the firm's core values of client-first, integrity, independence and a conservative, long-term view.
We Expect Our Associates At All Levels To
Grow professionally and inspire others to do the same
Work with and through others to achieve desired outcomes
Make prompt, pragmatic choices and act with the client in mind
Take ownership and hold themselves and others accountable for delivering results that matter
Contribute to the continuous evolution of the firm
At Raymond James – as part of our people-first culture, we honor, value, and respect the uniqueness, experiences, and backgrounds of all of our Associates. When associates bring their best authentic selves, our organization, clients, and communities thrive. The Company is an equal opportunity employer and makes all employment decisions on the basis of merit and business needs.
The Raymond James Enterprise Application Security Architecture team is seeking a Lead Security Architect to strengthen our organization’s security posture by focusing on secure design reviews, threat modeling, and vulnerability remediation. This role is integral to ensuring our applications and systems meet the highest security standards. The ideal candidate will be highly skilled in identifying, analyzing, and mitigating security risks, as well as collaborating with development teams to remediate vulnerabilities in both design and code effectively. Additionally, the position involves creating secure reference architectures informed by design reviews and industry best practices.
Job Description
This position will follow our hybrid work model, we expect the selected candidate to be in office 10 days a month at one of the following office locations: St. Petersburg, FL; Memphis, TN, Southfield MI
Responsibilities
Lead secure design reviews and threat modeling exercises for new applications, features, and architectural changes, ensuring adherence to industry standards, regulatory requirements, and organizational security policies.
Collaborate with development teams to identify and remediate vulnerabilities in application code and system designs, providing hands-on guidance and actionable recommendations.
Create and maintain secure reference architectures to serve as a foundation for implementing secure systems, applications, and solutions aligned with the organization's specific needs and technologies.
Act as a trusted advisor to development teams, integrating security considerations into the software development lifecycle and promoting secure coding practices.
Assess conformance with architectural standards, focusing on reducing technical debt and optimizing enterprise assets such as systems, services, and information.
Provide technical expertise on security matters, including encryption, identity and access management, and secure communication protocols.
Stay current with emerging security threats, trends, and best practices, applying relevant insights to enhance the organization's security posture.
Collaborate with cross-functional teams, including infrastructure, DevOps tooling, and compliance, to align security measures with organizational goals and ensure seamless integration.
Support security incident response efforts by contributing architectural expertise and defense-in-depth strategies as needed.
Perform other duties and responsibilities as assigned, including occasional non-standard shifts or on-call
Skills
7+ years of experience in an application security engineering or architecture role, with a demonstrated focus on secure design reviews, threat modeling, and vulnerability management.
In-depth knowledge of web application security principles, secure coding practices, and addressing common vulnerabilities (e.g., OWASP Top 10).
Proficiency in designing secure architectures for on-premises and cloud (e.g. AWS, Azure) environments.
Strong understanding of OAuth, authentication, and authorization mechanisms, including multi-factor authentication, single sign-on, and emerging technologies like password-less authentication.
Experience in encryption technologies, such as certificate-based and token-based cryptography.
Familiarity with network protocols, topologies, incident response, and defense-in-depth strategies.
Understanding of SAST, DAST, and SCA scanning tool capabilities.
Experience integrating application security controls into automated CI/CD pipelines.
Exceptional communication skills, capable of bridging the gap between technical and business stakeholders.
Financial services experience is a plus but not required.
The ability to quickly acquire relevant business acumen is essential.
Education
Bachelor’s: Computer and Information Science (Required), Bachelor’s: Information Technology
Work Experience
General Experience - 6 to 10 years, Manager Experience - 3 to 6 years
Certifications
Travel
Less than 25%
Workstyle
Hybrid
At Raymond James our associates use five guiding behaviors (Develop, Collaborate, Decide, Deliver, Improve) to deliver on the firm's core values of client-first, integrity, independence and a conservative, long-term view.
We Expect Our Associates At All Levels To
Grow professionally and inspire others to do the same
Work with and through others to achieve desired outcomes
Make prompt, pragmatic choices and act with the client in mind
Take ownership and hold themselves and others accountable for delivering results that matter
Contribute to the continuous evolution of the firm
At Raymond James – as part of our people-first culture, we honor, value, and respect the uniqueness, experiences, and backgrounds of all of our Associates. When associates bring their best authentic selves, our organization, clients, and communities thrive. The Company is an equal opportunity employer and makes all employment decisions on the basis of merit and business needs.