On Site
Bangalore
India
3-6 months
Time and material
$ 18-20/Hr
Description
Total years of experience: 7+ years
Relevant years of experience: 7+ years
Mandatory skill: Threat Modelling and Security Architecture Review

Detailed JD

We are seeking a seasoned Application Security Specialist with a primary focus on Threat Modeling and Security Architecture Reviews. In this role, you'll be instrumental in identifying and mitigating risks early in the design and development lifecycle of our applications and services.

You will work closely with architects, developers, and product teams to embed security into application design, evaluate new system architectures for risk, and ensure secure development practices are followed throughout the SDLC. Additional responsibilities include supporting SAST analysis and vulnerability remediation.

Key Responsibilities

Threat Modeling & Architecture Security Reviews (Primary Focus)
Lead threat modeling sessions using frameworks like STRIDE, PASTA, or LINDDUN, and document actionable risks and mitigations.
Conduct security architecture reviews for new and existing applications (web, mobile, APIs, microservices, cloud-native).
Evaluate data flow diagrams, component trust boundaries, and third-party integrations for potential attack vectors.
Collaborate with solution architects and engineering teams to validate and embed secure design principles and zero-trust models.
Maintain a central repository of threat models and risk assessments to ensure traceability and ongoing review.

Application Security & Vulnerability Management
Perform secure design and code assessments for high-risk applications or critical components.
Support the SAST program, helping to prioritize and triage findings, especially those linked to design or architectural flaws.
Partner with developers to guide remediation of vulnerabilities, providing secure design alternatives and mitigation strategies.

Governance, Awareness & Developer Support
Define secure design guidelines and patterns for application teams.
Provide training and mentorship to developers and architects on threat modeling and secure design best practices.
Contribute to the creation of security documentation, playbooks, and checklists for threat modeling and architecture review processes.

Required Skills & Qualifications
5+ years of experience in application security or secure software architecture, with significant exposure to threat modeling and architecture review.
Deep knowledge of secure application design, including authentication/authorization, data protection, API security, and microservices security.
Experience performing threat modeling using tools like Microsoft Threat Modeling Tool, IriusRisk, or manual frameworks (e.g., STRIDE).
Familiarity with cloud security principles across AWS, Azure, or GCP architectures.
Hands-on understanding of SAST tools (Checkmarx, Fortify, SonarQube, etc.) and secure coding standards (OWASP, CWE).

Preferred Qualifications
Experience working with CI/CD pipelines and integrating secure design processes in Agile and DevOps workflows.
Knowledge of compliance and risk frameworks such as OWASP ASVS, NIST 800-53, ISO 27001, or PCI DSS.
Security certifications such as CSSLP, SABSA, CISSP, AWS Security Specialty, or equivalent.
Exposure to DAST, SCA, container security, or penetration testing methodologies is a plus.

Note - Resource needs to be ready for an F2F interview at the IBM location based on account request, and for Day 1 reporting from DOJ. - IBMFG2JP00000137
Skills:
Secure Design, Training and Mentorship, Microservices Security, Cloud Security, Security Architecture Review, Vulnerability Remediation, Threat Modeling, SAST
