Principal Application Security Architect - 861 in Broomfield, Colorado at Quantinuum

We are seeking a Principal Application Security Architect in our Broomfield, CO, Location.

The Principal Application Security Architect is the technical lead responsible for the overall security and structural integrity of our application ecosystem. In this role, you aren't just sitting in meetings or writing policies. You are a hands-on technical authority who safeguards the organization by identifying, analyzing, and mitigating complex security risks across the entire software development lifecycle.

You will lead by example by defining secure architecture while actively engineering the tools and frameworks that support it. This position requires building strong, genuine partnerships with developers, architects, and business stakeholders to ensure that security is a natural part of our design, coding, and deployment practices. As our primary subject matter expert, you will lead advanced technical assessments, perform deep manual code reviews, and build the automated systems needed to keep us in line with industry regulations and company policies. You are a builder, a mentor, and a lead defender of our digital products.

• Perform manual reviews of code to find logic flaws and vulnerabilities that automated scanners often miss.
• Lead hands-on threat modeling sessions for complex systems to build security requirements before the first line of code is written.
• Conduct targeted technical testing of web services, APIs, and cloud workloads to verify that our defenses are working as intended.

• Architect and manage the enterprise scanning ecosystem including the technical tuning of SAST, DAST, and dependency scanning tools to ensure high-quality results.
• Build and maintain security gates directly within CI/CD pipelines to provide developers with fast and actionable feedback.
• Work side-by-side with engineering teams to review pull requests and ensure that security fixes are technically sound and effective.

• Create the "Golden Patterns" for authentication, encryption, and data handling so that engineering teams have a secure roadmap to follow.
• Ensure compliance with regulatory frameworks (e.g., CIS CSC18, NIST CSF, ISO27001, GDPR, SOC 2).
• Establish technical standards for how we identify and prioritize vulnerabilities based on real-world exploitability and business impact.

• Partner closely with product and engineering teams to design secure architectures for all new applications and major feature releases.
• Serve as the organization’s primary subject matter expert on application security tools, modern attack methodologies, and defensive coding.
• Translate complex technical vulnerabilities into clear business risks for both technical teams and non-technical executive stakeholders.

• Stay current with emerging threats, vulnerabilities, and security technologies.
• Drive automation in security testing and monitoring.
• Contribute to the evolution of enterprise application security strategy.

• Bachelor's Degree Minimum Required
• Minimum 10+ years of experience in application security, penetration testing, or secure software development required
• Minimum 5+ years of hands-on software engineering experience required.
• Due to Contractual requirements, must be a U.S. Person defined as, U.S. citizen permanent resident or green card holder, workers granted asylum or refugee status.
• Due to national security requirements imposed by the U.S. Government, candidates for this position must not be a People's Republic of China national or Russian national unless the candidate is also a U.S. citizen.

• Bachelor's degree in computer science, Cybersecurity, Information Systems, or related field preferred (or additional relevant work experience in lieu of degree)
• Strong technical knowledge of OWASP Top 10, SANS CWE, and secure coding practices.
• Fluency in at least two modern programming languages (e.g., Java, Python, JavaScript, Go)
• Hands-on experience building and tuning SAST and DAST processes at an enterprise level.
• Expert knowledge with cloud-native application security (AWS, Azure, GCP).
• Professional certifications such as CISSP, CSSLP, OSCP, or GWAPT preferred.
• Excellent analytical, problem-solving, collaboration, and communication skills.

Compensation & Benefits:

Incentive Eligible – Range posted is inclusive of bonus target

The pay range for this role is $184,000 – $230,000 annually. Actual compensation within this range may vary based on the candidate’s skills, educational background, professional experience, and unique qualifications for the role.

Quantinuum is the world leader in quantum computing. The company’s quantum systems deliver the highest performance across all industry benchmarks. Quantinuum’s over 650 employees, including 400+ scientists and engineers, across the US, UK, Germany, and Japan, are driving the quantum computing revolution.

By uniting best-in-class software with high-fidelity hardware, our integrated full-stack approach is accelerating the path to practical quantum computing and scaling its impact across multiple industries.

By joining Quantinuum, you’ll be at the forefront of this transformative revolution, shaping the future of quantum computing, pushing the limits of technology, and making the impossible possible.

A competitive salary and innovative, game-changing work

Flexible work schedule

Employer subsidized health, dental, and vision insurance

401(k) match for student loan repayment benefit

Equity, 401k retirement savings plan + 12 Paid holidays and generous vacation + sick time

Paid parental leave

Employee discounts

Quantinuum is an equal opportunity employer. You will be considered without regard to age, race, creed, color, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex, or veteran status. Know Your Rights: Workplace discrimination is illegal

Applications will be accepted on an ongoing basis, there is no application deadline for this position.