Utah IT Jobs

Mobile utah department of workforce services Logo

Job Information

Humana Lead Application/Product Security Architect - Enterprise Information Protection(remote virtual work from home eligible) in Salt Lake City, Utah


We are searching for an experienced Application Security Architect who can utilize solid business knowledge and expert technical experience in security to help develop strategy, roadmap and execution for our Application Security program. In this role you will proactively work to discover security issues proactively during solution design and work to prevent vulnerabilities during development. You will be responsible for developing design patterns and development standards to help developers and architects build secure solutions. You will develop assessment frameworks to evaluate designs then be responsible for their execution. These processes will become especially pertinent in support of current technology modernization efforts with a big emphasis on cloud adoption.


  • Design of proactive application security frameworks to ensure the secure architecture and development of business solutions. This includes frameworks for performing consistent application security assessments and threat models as well as the development of secure design patterns and development standards.

  • Implementation of the above controls into a modern SDLC.

  • Conduct application security assessments, threat modeling and architecture reviews

  • Proactively communicate design and development principles to appropriate stakeholders

  • Proactively improve security designs to reduce vulnerabilities found after development of code

  • Influence stakeholders to correct security deficiencies in the solution design as well as developed code

  • Provide solutions to security deficiencies while allowing for necessary business and technical functionality

  • Automation and standardization of all applicable processes

Required Qualifications:

Technical Competencies

  • In depth comprehension of the OWASP Top 10 and an ability to communicate with developers and application architects. Development or software architecture background is preferred.

  • Experience implementing application security frameworks such as BSIMM and SAMM

  • Expertise in performing cloud architecture reviews, application risk assessments and threat modeling

  • Experience in integrating security controls into all forms of SDLC including automation into a CI/CD pipeline

  • Communicate the need for security controls to a business audience, including justification of spend and effort

  • Analyzes business impact and exposure based on emerging security threats, vulnerabilities and risks, and recommends technologies and solutions to mitigate them.

  • Implement security considerations for in house developed, COTS and SaaS solutions

  • Translates technical concepts into plain language to show business risk

  • Collaborates with developers and software architects to adjust designs to securely meet business and technical requirements

Cultural Competencies

  • Ability to lead and motivate a team

  • Ability to build and implement new security functions in an organization (greenfield).

  • Comfortable operating in an environment with constant change and ambiguity

  • Demonstrated experience leading and developing others by providing technical guidance and leadership to project teams.

  • Maintain team engagement through delegation and empowerment

  • Build relationships with development, software architecture and product management stakeholders

  • Experience working in highly regulated environments subject to HIPAA, HITrust, PCI or other related

Preferred Qualifications:

  • Bachelor's degree in an IT-related field strongly preferred; post-graduate degree is a bonus, but not required

  • Knowledge and experience with the configuration of security controls and secure migration of enterprise applications to one of the major cloud providers such as Azure (preferred), Amazon Web Services, or Google Cloud.

  • Experience with CI/CD pipelines

  • Automation and standardization of software security controls, particularly into a CI/CD pipeline

  • CISSP, CISM or equivalent

  • GIAC or Offensive Security certifications

  • Cloud Architecture and/or Cloud Security Certifications (AWS, Azure, GCP)

  • Cloud Security Alliance (CCSP, CCSK) (ISC)2

Scheduled Weekly Hours


About Us

Mission: At Humana, our cultural foundation is aligned to helping members achieve their best health by delivering personalized, simplified, whole-person healthcare experiences. Recognizing healthcare needs continue to evolve for each person, for each family and for each community, Humana continuously creates innovative solutions and resources that help people live their healthiest lives on their terms –when and where they need it. Our employees are at the heart of making this happen and that’s why we are dedicated to building an organization of dynamic talent whose experience and passion center on putting the customer first.

Equal Opportunity Employer

It is our policy to recruit, hire, train, and promote people without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity or expression, disability, or veteran status, except where age, sex, or physical status is a bona fide occupational qualification. View the EEO is the Law poster.

If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact mailboxtasrecruit@humana.com for assistance.

Humana Safety and Security

Humana will never ask, nor require a candidate provide money for work equipment and network access during the application process. If you become aware of any instances where you as a candidate are asked to provide information and do not believe it is a legitimate request from Humana or affiliate, please contact mailboxtasrecruit@humana.com to validate the request.

California Residents

If you are a California resident and would like to review our California Consumer Privacy Act (CCPA) Policy click here:

CA Resident Privacy Policy