Region: Shelton, CT
Ready for a fresh, new career? Look no further because one of the world's most iconic brands can help you get there.
Why Join Us?
At Subway, "better" is baked into our DNA. We are a brand that believes in continued improvement ... in our lives, our businesses, and our planet. From the handshake that started our very first sandwich shop to earning our position as one of the world's leading restaurant brands, we've always embraced change and the path ahead. And today, we're making better living way easier.
Our purpose is about more than the food we serve in our restaurants. It's centered on fueling healthy businesses and healthier lives. It is one of the most exciting times to join the Subway team and contribute to our transformational journey.
About the Role:
We have an exciting opportunity to support our Information Security team as an Application Security Architect based in Shelton, CT. As an Application Security Architect, you are responsible for identifying and assessing threats within software development processes, integrating security tools, penetration testing, and implementing strategic practices to prevent threats in software applications. Subway's Cybersecurity team tenets are based on priority by impact analysis and assessing threats by their effect on Confidentiality, Integrity and Availability.
We are seeking people who will form partnerships and work closely with teams to ensure secure coding and the security of emerging AI software development processes. You will also provide guidance for developers and security champions, fostering a culture of strong security awareness.
If you feel that this is the role for you, and you are successful with your application, be ready to be Bold, Empowered, Accountable, and ready to have Fun in a fast-paced and agile working environment.
Responsibilities include but are not limited to:
- Application Security Assessments: Conduct and ensure the completeness, quality and consistency of software application security assessments. Ensure that SAST, DAST and other application security tools achieve secure outcomes. You are responsible for the validation of penetration testing or other business logic threats, and remediation guidance.
- Education & Collaboration: Educate and inform technical and non-technical teams on secure coding, threat modeling utilizing frameworks like STRIDE, and other security awareness focuses across a range of developer skill levels.
- Team Guidance & Training: As senior technical lead, you will provide supervision, technical guidance, and mentorship to members of the security team, including engineers and analysts. You may also be responsible for leading security awareness training programs for the wider organization to foster a security-conscious culture.
- Communication & Reporting: Effective communication is crucial. You will regularly convey vital information regarding application security posture, emerging threats, strategic needs, project priorities, identified risks, and architectural decisions to diverse audiences, including upper management, business stakeholders, and technical implementation teams. This includes meticulous documentation of architectures, policies, standards, and procedures.
Qualifications:
- Bachelor's in Computer Science or related field required.
- 8 or more years in Information Security, with a focus on application security, enterprise security and design.
- Proven ability to develop and implement comprehensive security strategies.
- Extensive experience in application security and secure coding techniques and strategies.
- Significant experience in AI software development and GenAI SDLC transformation strategies.
- Deep understanding of software development threat modeling and threat assessments.
- Experienced in validation of penetration testing reports and ensuring remediation.
- Proficient in various programming languages (C#, Python, JavaScript, etc.).
- Proficient in DevOps, CI/CD and system orchestration and automation technologies.
- Cloud Security: Strong knowledge of major cloud platforms (Amazon Web Services - AWS, Microsoft Azure, Google Cloud Platform - GCP) and their specific security features and services is essential. An understanding of frameworks like the NIST Cloud Computing Reference Architecture is preferred.
- Excellent communication and interpersonal skills, with the ability to effectively communicate with technical and non-technical stakeholders.
- Strong leadership and management skills, with the ability to motivate and inspire a team.
- Strong analytical and problem-solving skills.
- Indirect influence: Ability to use negotiation and persuasion to build consensus and gain cooperation.
- Proactively identifies problems/risks for all domains in a project and communicates these issues early to help course-correct.
- Expert in their domain.
- Collaborates on a project level.
What do we Offer?
- Insurance Plans (Medical/Life)
- 401K
- Competitive Bonus
- Mobility Allowance
- Tuition Reimbursement
- Company Holidays
- Volunteering time
- And many more
Actual pay is determined based on a number of job-related factors including skills, education, training, credentials, qualifications, scope and complexity of role responsibilities, geographic location, performance, and working conditions.