Security Architect - Application Security

📋 Description

• • HighLevel is seeking a highly skilled and experienced Security Architect specializing in Application Security to join our dynamic, global, remote-first team. In this pivotal role, you will be instrumental in shaping and implementing robust security strategies across our rapidly expanding, AI-powered, all-in-one sales and marketing platform. As a key member of our security team, you will be responsible for designing, developing, and maintaining comprehensive application security architectures that protect our platform, our data, and our millions of users worldwide.
• • You will play a critical role in identifying and mitigating security risks throughout the entire software development lifecycle (SDLC). This includes conducting threat modeling, security design reviews, code reviews, and penetration testing to ensure our applications are secure by design and resilient against evolving threats. Your expertise will be crucial in establishing and enforcing security best practices, standards, and guidelines for our engineering teams.
• • A significant part of your responsibility will involve collaborating closely with product managers, engineers, and other stakeholders to integrate security considerations into the early stages of product development. You will provide expert guidance on secure coding practices, vulnerability management, and the implementation of security controls. This proactive approach is essential given HighLevel's massive scale, processing over 4 billion API hits and 2.5 billion message events daily, managing over 470 terabytes of data across five databases, and operating with a network of over 250 microservices.
• • You will be at the forefront of evaluating and recommending security technologies and tools to enhance our application security posture. This includes staying abreast of the latest security trends, vulnerabilities, and defensive techniques. Your insights will guide the selection and implementation of solutions for areas such as authentication, authorization, data encryption, API security, and secure communication protocols.
• • Furthermore, you will contribute to the development and maintenance of security policies, procedures, and documentation. This includes creating security awareness training materials and fostering a security-conscious culture across the organization. Your ability to communicate complex security concepts clearly and effectively to both technical and non-technical audiences will be vital.
• • The role demands a deep understanding of common web application vulnerabilities (e.g., OWASP Top 10), cloud security principles (especially in AWS or similar environments), and secure software development methodologies. You will be expected to lead security initiatives, mentor junior security professionals, and contribute to incident response planning and execution when necessary.
• • Your impact will be directly felt in the continued trust and security of our platform, which empowers over 2 million businesses globally. By ensuring the integrity and confidentiality of the data and communications processed by HighLevel, you will be a cornerstone in our mission to help businesses grow and connect with their customers securely and effectively. This is an opportunity to make a significant contribution to a fast-growing company that is a leader in its space, working with a talented, international team in a fully remote setting.
• • Key responsibilities will include:
• • Designing and implementing application security architectures and strategies.
• • Conducting threat modeling, risk assessments, and security reviews for new and existing features.
• • Developing and enforcing secure coding standards and guidelines.
• • Evaluating and recommending security tools and technologies.
• • Collaborating with engineering teams to integrate security into the SDLC.
• • Providing security expertise and guidance on secure design principles.
• • Leading security testing efforts, including penetration testing and vulnerability assessments.
• • Contributing to security incident response and post-mortem analysis.
• • Developing and delivering security awareness training.
• • Staying current with emerging security threats and best practices.
• • Ensuring compliance with relevant security regulations and standards.