Application Security Architect

Описание вакансии

Do you love diving deep into complex systems? Are you passionate about helping engineering teams ship secure, high‑quality software? Do you get energy from solving practical security problems at scale and partnering closely with developers, architects, and product teams?

If so, we’d love to talk to you. Alarm.com is looking for an Application Security Architect to join our growing security organization—initially as the primary owner of application security, with the opportunity to help shape and potentially build the AppSec function over time. You’ll play a hands‑on, influential role in shaping how we build secure software across a diverse ecosystem—including mobile apps, cloud services, on‑prem systems, IoT devices, and emerging AI‑powered features. You’ll collaborate with engineers across the company, participate in design reviews, lead threat modeling, and help teams adopt secure development practices that keep our customers and partners safe.

Alarm.com offers an environment where you can meaningfully impact both technology and culture. You’ll work with smart, friendly engineers, cutting‑edge products, and a platform that spans everything from home automation to large‑scale data processing. If you enjoy a blend of deep technical work, cross‑team partnership, and practical security engineering, this could be the perfect place to grow your career.

What You'll Do

• Vulnerability Management: Triage and track inbound findings from SAST, DAST, IAST, SCA tools, and external sources (bug bounty, penetration tests). Maintain strong awareness of vulnerability trends and exploitability. Prioritize remediation using a risk-based approach, partnering directly with engineering teams.
• Secure SDLC Integration: Partner with engineering and platform leadership to embed security practices throughout the development lifecycle. Influence and evolve the AppSec tooling and automation roadmap—including emerging AI-assisted capabilities—through prototyping, evaluation, and feedback.
• Threat Modeling & Design Reviews: Lead threat modeling and participate in feature-team design reviews to ensure security best practices are applied across new features and architectural changes. Collaborate early with engineers, architects, and tech leads during design sessions to identify risks, guide secure design decisions, and embed security into system architecture.
• Code & Application Reviews: Perform deep, targeted reviews of high‑risk code paths, APIs, authentication/authorization flows, and sensitive components. Coordinate with Penetration Testers, Red Teams, and Compliance teams to ensure holistic coverage.
• AI & LLM Security: Partner with teams adopting AI and LLM-based systems—both internal tooling and production features—to ensure secure design, model and data protection, prompt/input validation, and safe integration patterns. Assess and mitigate risks related to data leakage, model behavior, supply chain concerns, and emerging AI security threats.
• Automation & Tooling: Build and maintain security automation integrated into CI/CD pipelines. Automate detection, validation, and developer‑friendly remediation workflows to improve signal quality and reduce friction.
• Developer Guidance & Training: Serve as a domain expert and partner to engineering teams. Deliver workshops, provide secure coding guidance, and help teams adopt effective security controls and testing practices.
• Cloud Application Security: Advise on application‑layer security in cloud-native environments, including identity, secrets management, network exposure, and service‑to‑service authentication.
• IoT Device & Platform Security: Provide security guidance for IoT devices and platform components, including OSS dependency risk analysis and security considerations for legacy or constrained devices.
• Security Policy & Compliance: Translate policy and compliance requirements into practical guidance for developers. Contribute to policy evolution and support audit activities as needed.
• Incident Response: Collaborate with InfoSec during security incidents and investigations. Maintain and evolve runbooks and contribute to post‑incident reviews to drive systemic improvements.

Required Skills & Experience

• 10+ years of experience in application security, software engineering, or related technical security roles (8+ acceptable for exceptionally strong candidates).
• Bachelor's in Computer Science, Computer Engineering, Electrical Engineering, or related field, or equivalent work experience
• Proficiency in at least one programming language (e.g., Python, JavaScript, C#) and ability to navigate large, complex codebases.
• Knowledge of application security best practices across both cloud and on‑prem environments, including cloud‑hosted Kubernetes and related cloud services.
• Hands‑on experience with AppSec tooling and techniques (SAST, DAST, SCA, IAST, WAF, etc.).
• Strong understanding of vulnerabilities, exploitability, and security principles (e.g., OWASP Top 10, secure design patterns).
• Experience with CI/CD pipelines and DevSecOps practices.
• Demonstrated ability to influence engineering teams and drive security outcomes without relying on authority.
• Strong analytical thinking, practical problem‑solving skills, and a balanced approach to technical risk.
• Excellent written and verbal communication skills, capable of explaining complex security issues to both technical and non‑technical audiences.
• Experience with GitHub Advanced Security (including code scanning, secret scanning, and dependency insights) is preferred.
• Familiarity with AI and LLM security concepts—such as model hardening, prompt/input validation, data protection, and the OWASP Top 10 for LLMs—is preferred.

Please note that sponsorship of new applicants for employment authorization, or any other immigration-related support, is not available for this position at this time.

WHY WORK FOR ALARM.COM?

• Collaborate with outstanding people: We hire only the best. Our standards are high and our employees enjoy working alongside other high achievers.
• Make an immediate impact: New employees can expect to be given real responsibility for bringing new technologies to the marketplace. You are empowered to perform as soon as you join the Alarm.com team!
• Gain well rounded experience: Alarm.com offers a diverse and dynamic environment where you will get the chance to work directly with executives and develop expertise across multiple areas of the business.
• Focus on fun: Alarm.com places high value on our team culture. We even have a committee dedicated to hosting a stand-out holiday party, happy hours, and other fun corporate events.
• Alarm.com values working together and collaborating in person.  Our employees work from the office 4 days a week.

COMPANY INFO

Alarm.com is the leading cloud-based platform for smart security and the Internet of Things. More than 7.6 million home and business owners depend on our solutions every day to make their properties safer, smarter, and more efficient. And every day, we’re innovating new technologies in rapidly evolving spaces including AI, video analytics, facial recognition, machine learning, energy analytics, and more.  We’re seeking those who are passionate about creating change through technology and who want to make a lasting impact on the world around them.

For more information, please visit www.alarm.com.

COMPANY BENEFITS

Alarm.com offers competitive pay and benefits inclusive of subsidized medical plan options, an HSA with generous company contribution, a 401(k) with employer match, and paid holidays, wellness time, and vacation increasing with tenure. Paid maternity and bonding leave, company-paid disability and life insurance, FSAs, well-being resources and activities, and a casual dress work environment are also part of our outstanding total rewards package!

Alarm.com is an Equal Opportunity Employer

In connection with your application, we collect information that identifies, reasonably relates to or describes you (“Personal Information”). The categories of Personal Information that we may collect include your name, government-issued identification number(s), email address, mailing address, other contact information, emergency contact information, employment history, educational history, criminal record, and demographic information. We collect and use those categories of Personal Information about you for human resources and other business management purposes, including identifying and evaluating you as a candidate for potential or future employment or future positions, recordkeeping in relation to recruiting and hiring, conducting criminal background checks as permitted by law, conducting analytics, and ensuring compliance with applicable legal requirements and Company policies. By submitting your application, you acknowledge that we may retain some of the personal data that you provide in your application for our internal operations such as managing our recruitment system and ensuring that we comply with labor laws and regulations even after we have made our employment decision.

Notice To Third Party Agencies:

Alarm.com understands the value of professional recruiting services.  However, we are not accepting resumes from recruiters or employment agencies for this position. In the event we receive a resume or candidate referral for this position from a third-party recruiter or agency without a previously signed agreement, we reserve the right to pursue and hire those candidate(s) without any financial obligation to you. If you are interested in working withAlarm.com, please email your company information and standard agreement to RecruitingPartnerships@Alarm.com.