Application Security Architect

POSITION SUMMARY:

As the Application Security Architect, you will work on-site at our corporate office in Springfield, MO, and lead the strategy and execution of application security across both modern cloud-native platforms and legacy WebSphere Commerce Suite (WCS) environments. You will be responsible for designing, implementing, and maintaining secure software development practices, application security controls, and threat mitigation strategies across diverse technology stacks. The ideal candidate will bring deep expertise in secure coding, DevSecOps, cloud-native application security, and legacy platform hardening. This role will collaborate closely with development, infrastructure, cloud engineering, and business teams to ensure secure design and implementation of applications across hybrid environments.

ESSENTIAL FUNCTIONS:

Application Security & DevSecOps:

• Integrate security testing and compliance validation (SAST, DAST, SCA) into CI/CD workflows using tools such as Git, Jenkins, SonarQube, and container registries

• Develop and maintain security-as-code and policy-as-code models to enforce preventive and detective controls across application environments

• Champion “shift-left” principles by embedding security tooling and practices early in the software development lifecycle

• Drive adoption of automated vulnerability management, threat modeling, and secure coding practices across cloud and legacy platforms

• Collaborate with development teams to remediate vulnerabilities and implement secure design patterns

Legacy Platform Security (WCS):

• Assess and enhance the security posture of legacy WebSphere Commerce Suite applications

• Implement secure coding standards and hardening techniques specific to Java-based legacy systems

• Design compensating controls and monitoring strategies to mitigate risks in legacy environments

• Collaborate with infrastructure and operations teams to secure WCS integrations, APIs, and data flows

Cloud-Native Application Security:

• Architect secure application solutions in Azure and GCP with emphasis on identity management, workload isolation, and data protection

• Define and implement application-layer controls using CSPM, CWPP, and container security tools

• Secure containerized and serverless applications using platform-native controls and third-party solutions

• Build reusable secure design patterns and reference architectures for cloud-native applications

Governance, Strategy & Innovation:

• Establish and continuously improve application security policies, standards, and secure development guidelines

• Conduct threat modeling and risk assessments for both cloud-native and legacy applications

• Evaluate and prototype emerging application security technologies and methodologies

• Lead architecture review processes to ensure alignment with enterprise risk tolerance and regulatory standards

• Mentor developers and architects on secure coding, threat modeling, and application security best practices

• Collaborate with audit, risk, and compliance teams to ensure applications meet regulatory requirements (e.g., PCI DSS, SOC 2, NIST)

ALL OTHER DUTIES AS ASSIGNED

EXPERIENCE/QUALIFICATIONS:

• Bachelor’s degree in Computer Science, Engineering, or related discipline, or equivalent work experience

• 10+ years of experience in application security, software architecture, or secure development

• 5+ years of experience securing cloud-native applications in Azure or GCP

• 3+ years of experience securing legacy platforms, preferably WebSphere Commerce Suite

• Hands-on experience with DevSecOps practices, CI/CD pipelines, and automated security testing

• Deep knowledge of secure coding practices, OWASP Top 10, and application-layer threat mitigation

• Experience with cloud-native security services (e.g., Azure Defender, GCP Security Command Center)

• Professional certifications preferred (e.g., CSSLP, CISSP, GCSA, CCSP)

• Familiarity with compliance standards such as NIST 800-53, ISO 27001, SOC 2, and PCI DSS

TRAVEL REQUIREMENTS:

Occasional travel to visit key facilities or in support of team meetings (less than 15%)

PHYSICAL REQUIREMENTS:

Regularly performs computer work and sits

Occasionally walks and stands

Seldom/never lifts up to 50lbs

INDEPENDENT JUDGEMENT:

Develops strategic direction, goals, plans, and policies for application security. Sets broad objectives and is accountable for overall results in respective area of responsibility. Requires high degree of independent judgment and problem solving of complex problems.

Full Time Benefits Summary:

Enjoy discounts on retail merchandise, our restaurants, world-class resorts and conservation attractions

• Medical

• Dental

• Vision

• Health Savings Account

• Flexible Spending Account

• Voluntary benefits

• 401k Retirement Savings

• Paid holidays

• Paid vacation

• Paid sick time

• Bass Pro Cares Fund

• And more

Bass Pro Shops is an equal opportunity employer. Hiring decisions are administered without regard to race, color, creed, religion, sex, pregnancy, sexual orientation, gender identity, age, national origin, ancestry, citizenship status, disability, veteran status, genetic information, or any other basis protected by applicable federal, state or local law.

Reasonable Accommodations

Qualified individuals with known disabilities may be entitled to reasonable accommodation under the Americans with Disabilities Act and certain state or local laws.

If you need a reasonable accommodation for any part of the application process, please visit your nearest location or contact us at hrcompliance@basspro.com.

Bass Pro Shops