Jobs.ca
Astra-North Infoteck Inc. ~ Conquering today’s challenges, achieving tomorrow’s vision!

Solution Architect – Application Security (AppSec), Zero Trust & Compliance

Toronto, Ontario, Canada
Senior Level
Full-Time

About the role

Role Overview: We are seeking a highly experienced Solution Architect – Application Security Lead to drive the design, implementation, and governance of enterprise-grade AppSec, Zero Trust architecture, and regulatory compliance frameworks. This role will be responsible for embedding security-by-design principles across application lifecycles, leading Zero Trust adoption, and ensuring alignment with regulatory and industry standards (e.g., PCI-DSS, OSFI, NIST, ISO 27001).

Application Security Strategy & Architecture
· Define and implement enterprise-wide AppSec strategy aligned with business and security objectives.
· Architect secure SDLC frameworks:
  · SAST, DAST, SCA, IAST
  · API security
  · Container & cloud-native security
· Establish security patterns, reference architectures, and guardrails for application teams.
· Drive DevSecOps enablement across CI/CD pipelines.

Zero Trust Architecture Leadership
· Lead the design and rollout of Zero Trust architecture across application ecosystems.
· Implement key Zero Trust principles:
  · Continuous verification
  · Least privilege access
  · Micro-segmentation
· Integrate with:
  · Identity & Access Management (IAM/CIAM)
  · Privileged Access Management (PAM)
  · Endpoint and workload protection platforms
· Align application access controls with identity-centric security models.

Compliance & Regulatory Governance
· Ensure application security controls meet: OSFI B-13 / B-10 (Canada BFSI), PCI-DSS, SOX, GDPR, ISO 27001, NIST.
· Drive audit readiness, control validation, and compliance reporting.
· Establish risk-based control frameworks and remediation tracking.
· Partner with internal audit, risk, and compliance teams.

Secure Architecture & Threat Modeling
· Conduct secure design reviews and threat modeling (STRIDE, ATT&CK).
· Identify and mitigate application-layer vulnerabilities and attack vectors.
· Define security requirements for APIs, microservices, and cloud-native applications.
· Embed security testing and validation processes.

Engineering & Tooling Enablement
· Lead deployment and optimization of AppSec tools:
  · SAST: Checkmarx, Fortify, Veracode
  · DAST: Burp, AppScan
  · SCA: Snyk, Black Duck
  · Container security: Prisma, Aqua
· Integrate tools into CI/CD pipelines (Azure DevOps, GitHub, Jenkins).
· Drive automation for vulnerability management and remediation tracking.

Stakeholder & Delivery Leadership
· Act as a trusted advisor to engineering, architecture, and business leaders.
· Lead cross-functional teams across development, DevOps, and security.
· Provide executive-level reporting on AppSec maturity and risk posture.
· Mentor teams on secure coding and security best practices.

Required Qualifications
· 12+ years in cybersecurity, application security, or architecture roles
· Proven experience as a Solution Architect or AppSec Lead in large enterprises (preferably BFSI)
· Strong expertise in:
  · Secure SDLC / DevSecOps
  · Zero Trust Architecture
  · Cloud platforms (Azure, AWS, GCP)
· Hands-on experience with AppSec tools and CI/CD integrations
· Deep understanding of:
  · OWASP Top 10, API Security Top 10
  · Threat modeling methodologies
· Experience with regulatory compliance frameworks (OSFI, PCI-DSS, ISO, NIST)

Preferred Certifications
· CISSP / CISM / CCSP
· CSSLP (Certified Secure Software Lifecycle Professional)
· TOGAF (Architecture)
· SABSA or equivalent security architecture certifications

About Astra-North Infoteck Inc. ~ Conquering today’s challenges, achieving tomorrow’s vision!

IT Services and IT Consulting
51-200 employees

Astra - North Infoteck Inc.

Agile - Systems - Technologies - Resources - Applications

Apply for jobs at https://careers.astra-north.com/jobs/

We are a global information technology services, management consulting and outsourcing company headquartered in Canada. Astra North helps clients navigate the ever-changing complex information technology landscape with its portfolio of IT consulting services, managed services and staffing and talent management solutions.

The core challenge facing many businesses in their IT functions is the increasing shortage of talent across the globe and its resultant impact on productivity. To overcome this challenge Astra-North provides its clients with a single source Integrated Recruitment Process Outsourcing - iRPO Service. Astra-North works as a specialist strategic partner for its clients by providing the best talent pool of IT Professionals on contract hire, permanent hire or managed services basis through its comprehensive and integrated recruitment, staff augmentation, workforce solutions, recruitment process outsourcing and managed services programs which are customized for individual client needs. Astra North Staffing Services include managing programs that are in compliance with matters focussing on careers, communications, legal and regulatory issues, technology and outsourcing, budgeting and metrics, IT staffing management best practices and global staffing management issues.

Our technical services span the entire software development lifecycle, from Consulting, Business Process Analysis, Requirement Mapping, Analysis, Design, Development and Testing to Implementation and Support. Astra-North Infoteck has expertise in building, maintaining and reengineering IT solutions to meet its clients’ evolving needs. We help clients become agile to meet and exceed their goals.

Astra-North ~ Conquering Today's Challenges, Achieving Tomorrow's Vision!
