Application Security Architect

💰 $161k
🇺🇸 United States - Remote
🔒 Cybersecurity🟣 Senior

Job description

ABOUT THE JOB

The ACLU seeks applicants for the full-time position of Application Security Architect in the Information Security Departmentof the ACLU’s National office in New York, NY . This is a hybrid role that has in-office requirements of two (2) days per week or eight (8) days per month.

This role will define how secure applications are designed, integrated, and maintained across the ACLU’s cloud, SaaS, and hybrid environments. You’ll lead efforts to embed security throughout our software development lifecycle (SDLC), own our internal Security Architecture Review (SAR) process, and guide secure integration practices for highly customized platforms and other third-party applications critical to our civil liberties mission.

The AppSec Architect will partner closely with product and platform teams, Tech Engineering, Devops, IT, and affiliates to assess and mitigate risks associated with application design, data flows, integrations, and third-party software usage. You’ll help set and enforce security standards, perform hands-on threat modeling, define secure development and deployment patterns, and directly support high-impact systems involving donor data, legal case workflows, and internal operational apps.

This hands-on technical leadership role will own and drive the ACLU’s application security efforts across both internally developed and externally adopted applications.

This position is part of a collective bargaining unit. It is represented by ACLU Staff United (ASU).

WHAT YOU’LL DO

Reporting to the Director, Security Architecture & Engineering, the Application Security Architect will define and drive the ACLU’s application security roadmap—from code to cloud, and everything in between.

YOUR DAY TO DAY

  • Lead the ACLU’s Application Security Program, owning the InfoSec SDLC strategy and continuous improvement of application-layer security across cross-functional teams.
  • Own the Security Architecture Review (SAR) process, including intake, risk evaluation, documentation, and partner engagement.
  • Perform and guide threat modeling for new applications, integrations, and high-risk workflows—including financial systems, legal platforms, and supporter/donor tools.
  • Define secure design patterns for authentication (OAuth/OIDC), secrets management, API authorization, session handling, and data flow protections across internal and third-party systems.
  • Evaluate, deploy, and maintain AppSec tooling such as SAST, DAST, SCA, API security tools, and secrets detection platforms, based on risk and developer stack alignment.
  • Partner with stakeholders to assess internal cloud apps, low-code tools, and internal workflow automations for security risks.
  • Oversee application-layer vulnerability triage, analysis, and escalation—including issues from internal testing, coordinated disclosure, and external penetration testing.
  • Collaborate with platform owners of high-risk SaaS platforms to validate that application-level security controls—authZ, audit logging, IP allowlists, token lifetimes, etc.—are in place and enforced.
  • Ensure application-layer security extends across data ecosystems, including ETL and reverse ETL pipelines, data warehouse platforms (e.g., Redshift, Snowflake), and high-risk integrations that move or transform sensitive donor, legal, or supporter data between internal systems and external SaaS tools.
  • Identify and reduce emerging application-layer risks related to AI adoption, including prompt injection, model abuse, insecure integrations with LLM APIs, and exposure of sensitive data through AI-powered features or automations.

FUTURE ACLU’ERS WILL

  • Be committed to advancing the mission of the ACLU
  • Center and embed the principles of equity, inclusion and belonging in their work by demonstrating commitment to diversity with an approach that respects and values multiple perspectives
  • Be committed to work collaboratively and respectfully toward resolving obstacles and conflicts

WHAT YOU’LL BRING

  • Extensive experience in application or product security, secure software development, or DevSecOps architecture.
  • Practical experience designing and implementing secure SDLC, AppSec testing workflows, or automated CI/CD security gates.
  • Deep understanding of common software vulnerabilities (e.g., OWASP Top 10), secure coding practices, and threat modeling methodologies.
  • Familiarity with GitHub Actions, modern SaaS stacks, and secure API design principles.
  • Familiarity with CMS tooling (e.g., Drupal, WordPress), cloud computing platforms (e.g., GCP, Azure, AWS), and containerization environments (e.g., Kubernetes, Docker, ECS).
  • Experience securing data pipelines and warehouse environments, with a focus on protecting structured data.
  • Experience partnering directly with developers and product teams to influence secure outcomes.
  • Excellent communication skills, especially when translating technical issues into business risk language.

COMPENSATION

The ACLU is committed to equity, transparency, and clarity in pay. Consistent with our compensation philosophy, there is a set salary for each role based on geographic work location. The annual salary for this position is $161,123 (Level - E), reflecting the salary of a position based in New York, NY. Salaries are subject to a regional pay adjustment if authorization is granted to work outside of the location listed in this posting.

For details on our pay structure, please visit: https://www.aclu.org/careers/ACLU_Geographic_Pay_Structure-July_2024.pdf

WHY THE ACLU

For over 100 years, the ACLU has worked to defend and preserve the individual rights and liberties guaranteed by the Constitution and laws of the United States. Whether it’s ending mass incarceration, achieving full equality for the LGBTQ+ community, establishing new privacy protections for our digital age, or preserving the right to vote or the right to have an abortion, the ACLU takes up the toughest civil liberties cases and issues to defend all people.

We know that great people make a great organization. We value our people and know that what we offer is essential not just their work, but to their overall well-being.

At the ACLU, we offer a broad range of benefits, which include:

  • Time away to focus on the things that matter with a generous paid time-off policy
  • Focus on your well-being with comprehensive healthcare benefits (including medical, dental and vision coverage, parental leave, gender affirming care & fertility treatment)
  • Plan for your retirement with 401k plan and employer match
  • We support employee growth and development through annual professional development funds, internal professional development programs and workshops

OUR COMMITMENT TO ACCESSIBILITY, EQUITY, DIVERSITY & INCLUSION

Accessibility, equity, diversity and inclusion are core values of the ACLU and central to our work to advance liberty, equality, and justice for all. For us diversity, equity, accessibility, and inclusion are not just check-the-box activities, but a chance for us to make long-term meaningful change.  We are a community committed to learning and growth, humility and grace, transparency and accountability. We believe in a collective responsibility to create a culture of belonging for all people within our organization – one that respects and embraces difference; treats everyone equitably; and empowers our colleagues to do the best work possible. We are as committed to anti-oppression, anti-ableism, and anti-racism internally as we are externally. Because whether we’re in the courts or in the office, we believe ‘We the People’ means all of us.

With this commitment in mind, we strongly encourage applications from all qualified individuals without regard to race, color, religion, gender, sexual orientation, gender identity or expression, age, national origin, marital status, citizenship, disability, veteran status and record of arrest or conviction, or any other characteristic protected by applicable law.

The ACLU is committed to providing reasonable accommodation to individuals with disabilities. If you are a qualified individual with a disability and need assistance applying online, please email [email protected] . If you are selected for an interview, you will receive additional information regarding how to request an accommodation for the interview process.

Share this job:
Please let ACLU know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

ACLU logo

ACLU

Defending civil rights

  • 201-500 employees
  • Founded in 1920
  • 4 remote jobs
View all jobs

Latest Jobs at ACLU

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply