Application Security Architect

As an Application Security Architect, you will be a key member of our internal AppSec team, working closely with product teams, InfoSec, and other stakeholders to ensure secure product design and development. You will lead threat modeling activities, define security requirements, support secure software development lifecycle (SSDLC) integration, and actively contribute to our global application security strategy. This role is ideal for someone with a strong AppSec background who enjoys building strong partnerships across teams, mentoring others, and driving meaningful security improvements at scale. Sounds like a perfect next step in your career. Read on!

• You partner with product teams across the entire development lifecycle to embed security into the software development process and strengthening security of product architectures.
• You champion security initiatives, define and promote security requirements for products and services throughout the development lifecycle.
• You conduct and lead threat modeling sessions, security design reviews, and identify risk across services and platforms.
• You help define and evolve our global AppSec strategy, contribute policies, processes, best practices, roadmaps, and KPIs
• You support the development and rollout of a security champions program to build security awareness and capabilities within our product engineering.
• You organize and conduct workshops, trainings, and knowledge-sharing sessions for developers and other technical stakeholders.
• You mentor (junior) AppSec engineers and actively contribute to the growth and development of our internal AppSec team.
• You collaborate on the evaluation and implementation of new AppSec tools and services.
• You stay up-to-date on the latest threats, vulnerabilities, and mitigations across various tech stacks.

• 5+ years of experience in Application Security and Security Architecture.
• Deep understanding of secure software & cloud architecture, common design patterns, and threat modeling methodologies such as STRIDE.
• Proven expertise in secure software development lifecycle (SSDLC) practices, including the integration of security controls into modern CI/CD pipelines.
• Solid hands-on experience in modern software development, ideally in enterprise environments, and with Java and/or Python.
• Familiarity with a range of application security tools, including SAST, SCA, and container security solutions.
• Experience in organizing security-related events such as CTFs and developer trainings is a strong plus.
• Exposure to Gen AI in a security context is a plus.
• A collaborative mindset – you enjoy working with international, cross-functional teams and driving alignment across stakeholders.
• Excellent communication skills with fluency in English, both written and verbal.

Our work will have a direct influence on the future of logistics and IT. Our teams are experts who are helping shape the IT industry in Portugal and around the world. We want you to feel comfortable in our working environment, where you will be dealing with different cultures. And as such, we offer flexible working hours and the ability to work remotely. We value teamwork, continuous learning and diversity. + Nagel offers you a tailor-made career - through individual planning and team leaders who support and advise you in every way. Personally, you will be supported by many work-life balance offers, supplemental health insurance and our EAP - Employee Assistant Program.