Solution Architect – Application Security (AppSec) Lead (Zero Trust & Compliance) Location: Toronto, ON- Hybrid – 3 days/week onsite Duration: 12 Months Contract

Role Overview We are seeking a highly experienced Solution Architect – Application Security Lead to drive the design, implementation, and governance of enterprise-grade AppSec, Zero Trust architecture, and regulatory compliance frameworks. This role will be responsible for embedding security-by-design principles across application lifecycles, leading Zero Trust adoption, and ensuring alignment with regulatory and industry standards (e.g., PCI-DSS, OSFI, NIST, ISO 27001).

Key Responsibilities

1. Application Security Strategy & Architecture Define and implement enterprise-wide AppSec strategy aligned with business and security objectives Architect secure SDLC frameworks, integrating: SAST, DAST, SCA, IAST API security Container & cloud-native security Establish security patterns, reference architectures, and guardrails for application teams Drive DevSecOps enablement across CI/CD pipelines

2. Zero Trust Architecture Leadership Lead the design and rollout of Zero Trust architecture across application ecosystems Implement key Zero Trust principles: Continuous verification Least privilege access Micro-segmentation

Integrate with: Identity & Access Management (IAM/CIAM) Privileged Access Management (PAM) Endpoint and workload protection platforms Align application access controls with identity-centric security models

1. Compliance & Regulatory Governance Ensure application security controls meet: OSFI B-13 / B-10 (Canada BFSI) PCI-DSS, SOX, GDPR, ISO 27001, NIST Drive adit readiness, control validation, and compliance reporting Establish risk-based control frameworks and remediation tracking Partner with internal audit, risk, and compliance team

2. Secure Architecture & Threat Modeling Conduct secure design reviews and threat modeling (STRIDE, ATT&CK) Identify and mitigate application-layer vulnerabilities and attack vectors Define security requirements for APIs, microservices, and cloud-native applications Embed security testing and validation processes

3. Engineering & Tooling Enablement Lead deployment and optimization of AppSec tools: SAST: Checkmarx, Fortify, Veracode DAST: Burp, AppScan SCA: Snyk, Black Duck Container security: Prisma, Aqua Integrate tools into CI/CD pipelines (Azure DevOps, GitHub, Jenkins) Drive automation for vulnerability management and remediation tracking

4. Stakeholder & Delivery Leadership Act as a trusted advisor to engineering, architecture, and business leaders Lead cross-functional teams across development, DevOps, and security Provide executive-level reporting on AppSec maturity and risk posture Mentor teams on secure coding and security best practices

Required Qualifications 12+ years in cybersecurity, application security, or architecture roles Proven experience as a Solution Architect or AppSec Lead in large enterprises (preferably BFSI)

Strong expertise in: Secure SDLC / DevSecOps Zero Trust Architecture Cloud platforms (Azure, AWS, GCP) Hands-on experience with AppSec tools and CI/CD integrations Deep understanding of: OWASP Top 10, API Security Top 10 Threat modeling methodologies Experience with regulatory compliance frameworks (OSFI, PCI-DSS, ISO, NIST)

Preferred Certifications CISSP / CISM / CCSP CSSLP (Certified Secure Software Lifecycle Professional) TOGAF (Architecture) SABSA or equivalent security architecture certifications