Back to Search
Mid-Level
Application Security Architect
Confirmed live in the last 24 hours
Alarm.com
Tysons, Virginia
On-site
Posted March 27, 2026
Job Description
Do you love diving deep into complex systems? Are you passionate about helping engineering teams ship secure, high‑quality software? Do you get energy from solving practical security problems at scale and partnering closely with developers, architects, and product teams?
If so, we’d love to talk to you. Alarm.com is looking for an Application Security Architect to join our growing security organization—initially as the primary owner of application security, with the opportunity to help shape and potentially build the AppSec function over time. You’ll play a hands‑on, influential role in shaping how we build secure software across a diverse ecosystem—including mobile apps, cloud services, on‑prem systems, IoT devices, and emerging AI‑powered features. You’ll collaborate with engineers across the company, participate in design reviews, lead threat modeling, and help teams adopt secure development practices that keep our customers and partners safe.
Alarm.com offers an environment where you can meaningfully impact both technology and culture. You’ll work with smart, friendly engineers, cutting‑edge products, and a platform that spans everything from home automation to large‑scale data processing. If you enjoy a blend of deep technical work, cross‑team partnership, and practical security engineering, this could be the perfect place to grow your career.
What You'll Do
- Vulnerability Management: Triage and track inbound findings from SAST, DAST, IAST, SCA tools, and external sources (bug bounty, penetration tests). Maintain strong awareness of vulnerability trends and exploitability. Prioritize remediation using a risk-based approach, partnering directly with engineering teams.
- Secure SDLC Integration: Partner with engineering and platform leadership to embed security practices throughout the development lifecycle. Influence and evolve the AppSec tooling and automation roadmap—including emerging AI-assisted capabilities—through prototyping, evaluation, and feedback.
- Threat Modeling & Design Reviews: Lead threat modeling and participate in feature-team design reviews to ensure security best practices are applied across new features and architectural changes. Collaborate early with engineers, architects, and tech leads during design sessions to identify risks, guide secure design decisions, and embed security into system architecture.
- Code & Application Reviews: Perform deep, targeted reviews of high‑risk code paths, APIs, authentication/authorization flows, and sensitive components. Coordinate with Penetration Testers, Red Teams, and Compliance teams to ensure holistic coverage.
- AI & LLM Security: Partner with teams adopting AI and LLM-based systems—both internal tooling and production features—to ensure secure design, model and data protection, prompt/input validation, and safe integration patterns. Assess and mitigate risks related to data leakage, model behavior, supply chain concerns, and emerging AI security threats.
- Automation & Tooling: Build and maintain security automation integrated into CI/CD pipelines. Automate detection, validation, and developer‑friendly remediation workflows to improve signal quality and reduce friction.
- Developer Guidance & Training: Serve as a domain expert and partner to engineering teams. Deliver workshops, provide secure coding guidance, and help teams adopt effective security controls and testing practices.
- Cloud Application Security: Advise on application‑layer security in cloud-native environments, including identity, secrets management, network exposure, and service‑to‑service authentication.
pythonjavajavascriptgoawskubernetesmachine learningaimobiledata
