We are seeking a Principal Application Security Architect in our Broomfield, CO, location.
The Principal Application Security Architect is the technical lead responsible for the overall security and structural integrity of our application ecosystem. In this role, you aren't just sitting in meetings or writing policies. You are a hands-on technical authority who safeguards the organization by identifying, analyzing, and mitigating complex security risks across the entire software development lifecycle.
You will lead by example by defining secure architecture while actively engineering the tools and frameworks that support it. This position requires building strong, genuine partnerships with developers, architects, and business stakeholders to ensure that security is a natural part of our design, coding, and deployment practices. As our primary subject matter expert, you will lead advanced technical assessments, perform deep manual code reviews, and build the automated systems needed to keep us in line with industry regulations and company policies. You are a builder, a mentor, and a lead defender of our digital products.
Key Responsibilities:
Hands-on Engineering & Assessment
- Perform manual reviews of code to find logic flaws and vulnerabilities that automated scanners often miss.
- Lead hands-on threat modeling sessions for complex systems to build security requirements before the first line of code is written.
- Conduct targeted technical testing of web services, APIs, and cloud workloads to verify that our defenses are working as intended.
Governance & Tooling
- Architect and manage the enterprise scanning ecosystem including the technical tuning of SAST, DAST, and dependency scanning tools to ensure high-quality results.
- Build and maintain security gates directly within CI/CD pipelines to provide developers with fast and actionable feedback.
- Work side-by-side with engineering teams to review pull requests and ensure that security fixes are technically sound and effective.
Risk Management & Compliance
- Create the "Golden Patterns" for authentication, encryption, and data handling so that engineering teams have a secure roadmap to follow.
- Ensure compliance with regulatory frameworks (e.g., CIS CSC18, NIST CSF, ISO27001, GDPR, SOC 2).
- Establish technical standards for how we identify and prioritize vulnerabilities based on real-world exploitability and business impact.
Collaboration & Advisory
- Partner closely with product and engineering teams to design secure architectures for all new applications and major feature releases.
- Serve as the organization’s primary subject matter expert on application security tools, modern attack methodologies, and defensive coding.
- Translate complex technical vulnerabilities into clear business risks for both technical teams and non-technical executive stakeholders.
Continuous Improvement
- Stay current with emerging threats, vulnerabilities, and security technologies.
- Drive automation in security testing and monitoring.
- Contribute to the evolution of enterprise application security strategy.
YOU MUST HAVE:
- Bachelor's Degree Minimum Required
- Minimum 10+ years of experience in application security, penetration testing, or secure software development required
- Minimum 5+ years of hands-on software engineering experience required.
- Due to contractual requirements, must be a U.S. Person, defined as a U.S. citizen, permanent resident or green card holder, or a worker granted asylum or refugee status.
- Due to national security requirements imposed by the U.S. Government, candidates for this position must not be a People's Republic of China national or Russian national unless the candidate is also a U.S. citizen.
WE VALUE:
- Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or related field preferred (or additional relevant work experience in lieu of degree)
- Strong technical knowledge of OWASP Top 10, SANS CWE, and secure coding practices.
- Fluency in at least two modern programming languages (e.g., Java, Python, JavaScript, Go)
- Hands-on experience building and tuning SAST and DAST processes at an enterprise level.
- Expert knowledge of cloud-native application security (AWS, Azure, GCP).
- Professional certifications such as CISSP, CSSLP, OSCP, or GWAPT preferred.
- Excellent analytical, problem-solving, collaboration, and communication skills.
$184,000 - $230,000 a year
Compensation & Benefits:
Incentive Eligible – Range posted is inclusive of bonus target
The pay range for this role is $184,000 – $230,000 annually. Actual compensation within this range may vary based on the candidate’s skills, educational background, professional experience, and unique qualifications for the role.
Quantinuum is the world leader in quantum computing. The company’s quantum systems deliver the highest performance across all industry benchmarks. Quantinuum’s over 650 employees, including 400+ scientists and engineers, across the US, UK, Germany, and Japan, are driving the quantum computing revolution.
By uniting best-in-class software with high-fidelity hardware, our integrated full-stack approach is accelerating the path to practical quantum computing and scaling its impact across multiple industries.
By joining Quantinuum, you’ll be at the forefront of this transformative revolution, shaping the future of quantum computing, pushing the limits of technology, and making the impossible possible.
What’s in it for you?
A competitive salary and innovative, game-changing work
Flexible work schedule
Employer subsidized health, dental, and vision insurance
401(k) match for student loan repayment benefit
Equity, 401k retirement savings plan + 12 Paid holidays and generous vacation + sick time
Paid parental leave
Employee discounts
Quantinuum is an equal opportunity employer. You will be considered without regard to age, race, creed, color, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex, or veteran status. Know Your Rights: Workplace discrimination is illegal
Applications will be accepted on an ongoing basis; there is no application deadline for this position.
TECHNICAL & MARKET ANALYSIS | Appended by Quantum.Jobs
The convergence of high-performance classical computing and emerging quantum hardware modalities necessitates a specialized tier of architectural oversight to ensure the structural integrity of the application layer. As quantum systems transition toward industrial-grade utility, the security perimeter must evolve beyond traditional boundary defenses to incorporate deep-tech resiliency within the software development lifecycle. This role type serves as a critical stabilization point in the "application enablement" segment of the value chain, where the transition to post-quantum cryptographic standards and hybrid-cloud architectures creates novel attack surfaces. Market signals, including the escalation of national security mandates and the maturation of zero-trust frameworks, indicate that hands-on technical authority is a primary determinant for maintaining institutional trust in the emerging quantum economy.
The quantum computing industry is currently navigating a period of rapid architectural diversification characterized by the integration of quantum processing units into existing cloud-native and high-performance computing infrastructures. Within this environment, the application security domain represents a foundational requirement for commercial viability, particularly for industries handling sensitive financial, genomic, or national security data. However, a persistent gap remains between standardized enterprise security protocols and the unique requirements of hybrid quantum-classical software stacks. Addressing this misalignment requires a strategic emphasis on embedding defensive engineering directly into the continuous integration and deployment pipelines that support these complex systems.
Macro-level analysis of the global technology workforce reveals a critical shortage of senior experts capable of bridging the gap between advanced cybersecurity architecture and the practicalities of full-stack software engineering. Organizations are increasingly shifting away from policy-heavy governance toward hands-on technical leadership that can navigate the stakeholder landscape across various lines of business while maintaining rigorous security standards. This transition is driven by the need to synchronize internal development efforts with a fragmented vendor ecosystem where diverse hardware providers and software stack developers compete for dominance.
Furthermore, the emergence of post-quantum cryptography and the necessity for quantum-resilient infrastructure have become strategic imperatives for major economies. This trend favors the development of modular security toolchains that can facilitate the identification of logic flaws and vulnerabilities in specialized APIs and web services. As standardization efforts for quantum-resistant algorithms evolve, the industry's focus is pivoting toward establishing "golden patterns" and architectural best practices that ensure long-term interoperability and reduce systemic risks associated with the rapid adoption of deep-tech solutions.
The capability architecture for this role type centers on the integration of advanced application security principles with large-scale software engineering and cloud-native infrastructure. At the foundational layer, mastery of secure coding practices and manual vulnerability assessment is essential for ensuring the integrity of complex systems that automated scanners often fail to penetrate. This technical proficiency is coupled with a deep understanding of threat modeling for distributed environments, where security requirements must be defined before the initial phases of development to prevent architectural debt. These capabilities are critical for the structural throughput of the software ecosystem, as they directly influence the stability and accuracy of high-fidelity models.
Beyond purely technical execution, the role facilitates a high-level coupling between risk management frameworks and enterprise-ready architectural blueprints. This interface ensures that abstract security standards—such as NIST CSF or ISO 27001—are translated into tangible engineering demands that can be supported by evolving CI/CD toolchains. By standardizing the creation of secure frameworks and automated gates, these experts enable a level of operational readiness that allows organizations to navigate the transition toward quantum-centric supercomputing without disrupting existing production environments. This strategic alignment is vital for maintaining the integrity of the technology stack as hardware and software modalities continue to mature.
- Accelerates the deterministic progression of security readiness for enterprise-grade quantum application ecosystems
- Mitigates systemic risks associated with premature technology adoption by establishing rigorous manual and automated testing protocols
- Facilitates the transition from experimental software development to standardized commercial-grade secure application delivery
- Reduces integration friction across hybrid classical-quantum cloud workloads through the development of secure golden patterns
- Strengthens the long-term competitive positioning of global industries by securing the digital products of the quantum revolution
- Harmonizes abstract regulatory compliance with the practical requirements of complex scalable enterprise software architectures
- Optimizes the lifecycle of security gates through the technical tuning of enterprise scanning toolchains and automated frameworks
- Supports the scaling of secure quantum adoption by identifying and mitigating complex risks across the software development lifecycle
- Shortens the time-to-market for quantum-ready products by ensuring security is a natural part of design and deployment practices
- Improves the reliability of technical assessments through the application of advanced threat modeling and manual code review
- Protects capital-intensive investments in deep-tech by providing expert technical validation of application-level security controls
- Enables the strategic orchestration of defensive strategies across large-scale global networks of engineering and business partners
Industry Tags: Application Security Architecture, Post-Quantum Cryptography, Secure Software Development Lifecycle, Hybrid Quantum-Classical Security, Zero Trust Architecture, Cloud-Native Security, Threat Modeling, CI/CD Security Automation, Enterprise Risk Management