New

Application Security Architect

New York, New York, United States

ABOUT THE JOB

The ACLU seeks applicants for the full-time position of Application Security Architect in the Information Security Department of the ACLU’s National office in New York, NYThis is a hybrid role that has in-office requirements of two (2) days per week or eight (8) days per month. 

This role will define how secure applications are designed, integrated, and maintained across the ACLU’s cloud, SaaS, and hybrid environments. You’ll lead efforts to embed security throughout our software development lifecycle (SDLC), own our internal Security Architecture Review (SAR) process, and guide secure integration practices for highly customized platforms and other third-party applications critical to our civil liberties mission.

The AppSec Architect will partner closely with product and platform teams, Tech Engineering, Devops, IT, and affiliates to assess and mitigate risks associated with application design, data flows, integrations, and third-party software usage. You’ll help set and enforce security standards, perform hands-on threat modeling, define secure development and deployment patterns, and directly support high-impact systems involving donor data, legal case workflows, and internal operational apps.

This hands-on technical leadership role will own and drive the ACLU’s application security efforts across both internally developed and externally adopted applications.

This position is part of a collective bargaining unit. It is represented by ACLU Staff United (ASU).

WHAT YOU'LL DO 

Reporting to the Director, Security Architecture & Engineering, the Application Security Architect will define and drive the ACLU’s application security roadmap—from code to cloud, and everything in between.

YOUR DAY TO DAY

  • Lead the ACLU’s Application Security Program, owning the InfoSec SDLC strategy and continuous improvement of application-layer security across cross-functional teams.
  • Own the Security Architecture Review (SAR) process, including intake, risk evaluation, documentation, and partner engagement.
  • Perform and guide threat modeling for new applications, integrations, and high-risk workflows—including financial systems, legal platforms, and supporter/donor tools.
  • Define secure design patterns for authentication (OAuth/OIDC), secrets management, API authorization, session handling, and data flow protections across internal and third-party systems.
  • Evaluate, deploy, and maintain AppSec tooling such as SAST, DAST, SCA, API security tools, and secrets detection platforms, based on risk and developer stack alignment.
  • Partner with stakeholders to assess internal cloud apps, low-code tools, and internal workflow automations for security risks.
  • Oversee application-layer vulnerability triage, analysis, and escalation—including issues from internal testing, coordinated disclosure, and external penetration testing.
  • Collaborate with platform owners of high-risk SaaS platforms to validate that application-level security controls—authZ, audit logging, IP allowlists, token lifetimes, etc.—are in place and enforced.
  • Ensure application-layer security extends across data ecosystems, including ETL and reverse ETL pipelines, data warehouse platforms (e.g., Redshift, Snowflake), and high-risk integrations that move or transform sensitive donor, legal, or supporter data between internal systems and external SaaS tools.
  • Identify and reduce emerging application-layer risks related to AI adoption, including prompt injection, model abuse, insecure integrations with LLM APIs, and exposure of sensitive data through AI-powered features or automations.

FUTURE ACLU'ERS WILL 

  • Be committed to advancing the mission of the ACLU
  • Center and embed the principles of equity, inclusion and belonging in their work by demonstrating commitment to diversity with an approach that respects and values multiple perspectives
  • Be committed to work collaboratively and respectfully toward resolving obstacles and conflicts

WHAT YOU'LL BRING

  • Extensive experience in application or product security, secure software development, or DevSecOps architecture.
  • Practical experience designing and implementing secure SDLC, AppSec testing workflows, or automated CI/CD security gates.
  • Deep understanding of common software vulnerabilities (e.g., OWASP Top 10), secure coding practices, and threat modeling methodologies.
  • Familiarity with GitHub Actions, modern SaaS stacks, and secure API design principles.
  • Familiarity with CMS tooling (e.g., Drupal, WordPress), cloud computing platforms (e.g., GCP, Azure, AWS), and containerization environments (e.g., Kubernetes, Docker, ECS).
  • Experience securing data pipelines and warehouse environments, with a focus on protecting structured data.
  • Experience partnering directly with developers and product teams to influence secure outcomes.
  • Excellent communication skills, especially when translating technical issues into business risk language.

COMPENSATION

The ACLU is committed to equity, transparency, and clarity in pay. Consistent with our compensation philosophy, there is a set salary for each role based on geographic work location. The annual salary for this position is $161,123 (Level - E), reflecting the salary of a position based in New York, NY. Salaries are subject to a regional pay adjustment if authorization is granted to work outside of the location listed in this posting.  
 
For details on our pay structure, please visit: https://www.aclu.org/careers/ACLU_Geographic_Pay_Structure-July_2024.pdf

WHY THE ACLU

For over 100 years, the ACLU has worked to defend and preserve the individual rights and liberties guaranteed by the Constitution and laws of the United States. Whether it’s ending mass incarceration, achieving full equality for the LGBTQ+ community, establishing new privacy protections for our digital age, or preserving the right to vote or the right to have an abortion, the ACLU takes up the toughest civil liberties cases and issues to defend all people.

We know that great people make a great organization. We value our people and know that what we offer is essential not just their work, but to their overall well-being. 

At the ACLU, we offer a broad range of benefits, which include:

  • Time away to focus on the things that matter with a generous paid time-off policy
  • Focus on your well-being with comprehensive healthcare benefits (including medical, dental and vision coverage, parental leave, gender affirming care & fertility treatment)
  • Plan for your retirement with 401k plan and employer match
  • We support employee growth and development through annual professional development funds, internal professional development programs and workshops

OUR COMMITMENT TO ACCESSIBILITY, EQUITY, DIVERSITY & INCLUSION

Accessibility, equity, diversity and inclusion are core values of the ACLU and central to our work to advance liberty, equality, and justice for all. For us diversity, equity, accessibility, and inclusion are not just check-the-box activities, but a chance for us to make long-term meaningful change.  We are a community committed to learning and growth, humility and grace, transparency and accountability. We believe in a collective responsibility to create a culture of belonging for all people within our organization – one that respects and embraces difference; treats everyone equitably; and empowers our colleagues to do the best work possible. We are as committed to anti-oppression, anti-ableism, and anti-racism internally as we are externally. Because whether we’re in the courts or in the office, we believe ‘We the People’ means all of us.

With this commitment in mind, we strongly encourage applications from all qualified individuals without regard to race, color, religion, gender, sexual orientation, gender identity or expression, age, national origin, marital status, citizenship, disability, veteran status and record of arrest or conviction, or any other characteristic protected by applicable law.    

The ACLU is committed to providing reasonable accommodation to individuals with disabilities. If you are a qualified individual with a disability and need assistance applying online, please email benefits.hrdept@aclu.org. If you are selected for an interview, you will receive additional information regarding how to request an accommodation for the interview process. 

Apply for this job

*

indicates a required field

Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf

At the ACLU, we deeply value diversity, inclusion, and belonging. We actively work to ensure that we are addressing everyone appropriately and that we’re acknowledging their identity as they would like. Examples of common pronouns are 'she/her/hers,' 'he/him/his,' and 'they/them/theirs.' This is optional, but if you’re comfortable, please share your pronouns.

A common use name (sometimes known as a chosen name, nickname, or a name-in-use) is the use of a name, usually a first name, that is different from a person's legal name. Common use names can be used in organizational communications and informational materials such as email correspondence, staff directories, business cards, software and similar systems which do not require the use of a legal name.  Legal names will continue to be used where required by law or organizational policy, including but not limited to, formal organizational and employment correspondence in addition to immigration, payroll, tax, benefits and insurance documents.

Select...
Select...
Select...

Race and/or Ethnicity

 

 

Select...

 

Gender

Select...

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are committed to equal opportunity to qualified people with disabilities. To help us measure how well we are doing, we are asking you to tell us if you have a disability or if you ever had a disability. Completing this form is voluntary, but we hope that you will choose to fill it out. If you are applying for a job, any answer you give will be kept private and will not be used against you in any way.

If you already work for us, your answer will not be used against you in any way. Because a person may become disabled at any time, we are required to ask all of our employees to update their information every five years. You may voluntarily self-identify as having a disability on this form without fear of any punishment because you did not identify as having a disability earlier.

How do I know if I have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Blindness
  • Deafness
  • Cancer
  • Diabetes
  • Epilepsy
  • Autism
  • Cerebral palsy
  • HIV/AIDS
  • Schizophrenia
  • Muscular dystrophy
  • Bipolar disorder
  • Major depression
  • Multiple sclerosis (MS)
  • Missing limbs or partially missing limbs
  • Post-traumatic stress disorder (PTSD)
  • Obsessive compulsive disorder
  • Impairments requiring the use of a wheelchair
  • Intellectual disability (previously called mental retardation)

Disability Status:

Select...

Disability diversity in the workplace includes people with significant disabilities. A “significant disability” is one that is associated with particularly low employment rates. The federal government has recognized that individuals with certain disabilities, particularly manifest disabilities, face barriers to employment above and beyond the barriers faced by people with the broader range of disabilities. See Questions and Answers: The EEOC's Final Rule on Affirmative Action for People with Disabilities in Federal Employment, (https://www.eeoc.gov/laws/regulations/qanda-ada-disabilities-final-rule.cfm). The ACLU’s affirmative action plan for people with disabilities includes an overall goal for people with a broad range of disabilities, and a “subgoal” for people with significant disabilities.

Select...

Veteran Status

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in ACLU - National Office’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Select...
Select...
Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Select...

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.