Senior Security Architect

Kaseya • Remote (United States) • 3d ago

Kaseya^® is the leading provider of complete IT infrastructure and security management solutions for Managed Service Providers (MSPs) and internal IT organizations worldwide powered by AI. Kaseya’s best-in-breed technologies allow organizations to efficiently manage and secure IT to drive sustained business success. Kaseya has achieved sustained, strong double-digit growth over the past several years and is backed by Insight Venture Partners www.insightpartners.com), a leading global private equity firm investing in high-growth technology and software companies that drive transformative change in the industries they serve.

Founded in 2000, Kaseya currently serves customers in over 20 countries across a wide variety of industries and manages over 15 million endpoints worldwide. To learn more about our company and our award-winning solutions, go to www.Kaseya.com and for more information on Kaseya’s culture, please click here: Kaseya Culture.

Kaseya is not your typical company. We are not afraid to tell you exactly who we are and our expectations. We have achieved record levels of success being BOLD, being GRITTY, being ACCOUNTABLE. The thousands of people that succeed at Kaseya are prepared to go above and beyond for the betterment of our customers, and the betterment of their careers and long-term financial wealth.

WHAT YOU’LL DO:

As a cutting-edge technology company, we are searching for a talented Senior Application Security Architect to join our exceptional team. Kaseya is a leader in delivering groundbreaking solutions that empower businesses to thrive in the digital age. You should be a technical contributor who will build and maintain infrastructure focused security solutions. In this position, you will be responsible for planning, coordinating, and executing initiatives that improve the security posture of Kaseya’s infrastructure. You will be responsible for designing, implementing, and maintaining robust security measures, defending against potential threats that could disrupt operations or compromise sensitive information.

WHAT WE ARE LOOKING FOR:

The ideal candidate will work on a wide variety of interesting technical problems, operate at scale in an environment with over an exabyte of data, have opportunities to green field solutions, and operate with both autonomy and empowerment from senior leadership.

Prior experience as a application security architect is preferred, the candidate must have experience and demonstrate capability in this domain. This person must have effective communication and project management skills.

THE SCHEDULE:
This position is 100% remote.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

General Security Architecture Responsibilities

Assist with the development and maintenance of enterprise-wide security architecture frameworks.

Provide guidance and recommendations for the development of security policies and standards.

Conduct risk assessments and threat modeling (DREAD) for all enterprise infrastructure components.

Ensure infrastructure design adheres to regulatory and compliance requirements (e.g., ISO 27001, NIST, GDPR, HIPAA).

Provide guidance and support to project teams, developers, and IT operations with the design of secure enterprise systems.

Assist with architecture planning, integrations, disaster recovery strategy.

Evaluate new technologies and assist with the secure design to ensure alignment with enterprise architectural standards.

Work with stakeholders to assist with the successful implementation of secure applications and infrastructure.

Ensure thorough documentation of tickets, meetings, and interactions with fellow engineers and requestors.

Assist with the planning, development, and execution of security initiatives focused on applications.

Identify trends in need of a larger solution, beyond the scope of the immediate problem.

Assist with the evaluation of tools to ensure that the appropriate security solutions are implemented, effectively meeting or surpassing the company's use cases and requirements.

Perform other security related duties as assigned

Limited off-hours support is required.

Limited travel may be required.

WHAT YOU’LL BRING:

Application Security Architecture

Design and maintain secure application architecture principles, blueprints, and patterns.

Define and enforce secure-by-design practices across all application development efforts.

Collaborate with development and engineering teams to embed security throughout the software development lifecycle (SDLC).

Conduct and lead threat modeling sessions for new and existing applications.

Assess application security risks and provide actionable recommendations.

Translate complex technical risks into business-impacting language for stakeholders.

Provide guidance on secure coding practices to development teams.

Support secure API design, identity and access management (IAM) in apps, and data protection controls.

Integrate application security tools (SAST, DAST, IAST, SCA) into CI/CD pipelines to enable DevSecOps.

Perform and support secure code reviews (manual and automated).

Coordinate or conduct application penetration testing and vulnerability assessments.

Work with development teams to triage, prioritize, and remediate security findings.

Define and maintain application security policies, standards, and guidelines.

Ensure applications meet internal security requirements and external regulatory obligations (e.g., PCI-DSS, SOC 2, GDPR).

Document architectural decisions, exception handling, and risk acceptances.

Act as a trusted advisor to development, product, and infrastructure teams.

Partner with internal teams to integrate security early in product design.

Evangelize application security best practices and drive cultural change.

Develop and deliver training and awareness programs for secure coding and AppSec tooling.

Mentor developers, architects, and security engineers on secure development principles.

Assist in application-layer security incident investigations and post-incident reviews.

Provide architectural input to prevent future vulnerabilities or exposures.

Provide security advice to Product and Business Units, ensuring integration, compliance, and risk mitigation.

Assist with establishing secure patch management and vulnerability remediation processes.

Proficiency with Infrastructure as Code (IaC) and its supporting technologies, such as: Terraform, CloudFormation, code depositories and deployment pipelines

Collaborate with DevSecOps on initiatives to integrate security into CI/CD pipelines and IaC.

Provide guidance on how to build secure platforms that are stable, maintainable, and scalable.

Provided guidance on the implementation of cloud-native security controls including IAM policies, key management, and logging.

Define architecture standards for secure cloud networking, workload protection, and encryption.

Provide security advice to Product and Business Units, ensuring integration, compliance, and risk mitigation.

Assist with the documentation and maintenance of cloud security standards and best practices.

QUALIFICATIONS AND EXPERIENCE

Required Qualifications

Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Information Systems, or related field.

7+ years of experience in application security, software architecture, or related roles.

Deep understanding of OWASP Top 10, CWE/SANS Top 25, and common vulnerability patterns.

Hands-on experience with AppSec tools (SAST, DAST, IAST, SCA, RASP).

Strong background in secure coding practices for languages such as C#, Java, .NET, Python, JavaScript, etc.

Experience with cloud-native application security (AWS, Azure, GCP).

Familiarity with modern DevOps/CI-CD pipelines and containerized environments (e.g., Docker, Kubernetes).

Certifications Preferred

CISSP (Certified Information Systems Security Professional)

CSSLP (Certified Secure Software Lifecycle Professional)

OSWE (Offensive Security Web Expert)

CCSP (Certified Cloud Security Professional)

AWS/Azure/GCP Security Specialty Certifications

TOGAF or SABSA Certification (preferred)

IND2

Join the Kaseya growth rocket ship and see how we are #ChangingLives !

Additional information
Kaseya provides equal employment opportunity to all employees and applicants without regard to race, religion, age, ancestry, gender, sex, sexual orientation, national origin, citizenship status, physical or mental disability, veteran status, marital status, or any other characteristic protected by applicable law.