JMP, a subsidiary of SAS, is committed to empowering scientists and engineers via our world-class family of statistical software products. For over 30 years, JMP has enabled customers to speed new drugs to market, to design better products and processes, and to figure out how to restore ecosystems. Advancements are made when brilliant people use JMP statistical discovery software to see what they’ve not seen before. If you are a problem solver, a connector, and someone who enjoys helping others, then you might just be the next person to join this dynamic, growing, and global team.

About the job

JMP is seeking a skilled Application Security Architect with a strong software development background to be our primary technical expert in analyzing and validating security vulnerabilities. You’ll work closely with our static application security testing (SAST), software composition analysis (SCA), and Dynamic Application Security Testing (DAST) outputs, ensuring we focus on the highest-priority risks. You’ll also help enhance and automate our security tools and processes, directly embedding security into our development pipeline.

As an Application Security Architect you will:

• Analyze SAST, SCA, and DAST scan results to separate true positives from false positives.
• Review source code to assess impact and exploitability of vulnerabilities.
• Deliver detailed reports to the security manager with prioritization and remediation recommendations.
• Partner with developer security champions to guide remediation of validated issues.
• Design, implement, and automate security checks and gates in the DevSecOps pipeline.
• Integrate and configure new security tools to improve efficiency and strengthen our security posture.

Required Qualifications:

• Proficiency in C++, JavaScript, and Python.
• Strong understanding of common web application vulnerabilities (OWASP Top 10) and exploitation techniques.
• Hands-on experience with security scanning tools (SAST, SCA, DAST, etc.) and interpreting their outputs.
• Familiarity with modern secure software development life cycle (SDLC) practices.
• Ability to clearly communicate complex technical concepts to technical and non-technical audiences.

Preferred Qualifications:

• Experience with DevSecOps tools and CI/CD platforms (e.g., Jenkins, GitLab, GitHub).
• Knowledge of tools such as Snyk, BitBucket, Perforce, Jira, Git.
• Understanding of infrastructure and cloud security concepts.
• Familiarity with containerization and orchestration technologies.

World-Class Benefits  

Highlights include...

• Comprehensive medical, prescription, dental and vision plans.
• Medical plan options include...
  • PPO with low annual deductible and copays.
  • HDHP combined with a health savings account with a contribution from SAS (no access to on-site health care center).
• Onsite Health Care Center (HQ) that’s free to employees and family members enrolled in the PPO plan. There's a pharmacy too! Not local to HQ? The pharmacy will ship prescriptions for no additional charge!
• An industry-leading 401k plan.
• Generous time away including vacation time, a variety of paid holidays, and our much-loved U.S. Winter Wellness Break between December 25 and January 1.
• Volunteer Time Off, parental leave and unlimited paid sick days.
• Generous childcare benefits for all full-time employees.

Diverse and Inclusive

At SAS and JMP, it’s not about fitting into our culture – it’s about adding to it. We believe our people make the difference. Our diverse workforce brings together unique talents and inspires teams to create amazing software that reflects the diversity of our users and customers. Our commitment to diversity is a priority to our leadership, all the way up to the top; and it’s essential to who we are. To put it plainly: you are welcome here.

 Additional Information:

JMP is an equal opportunity employer. All qualified applicants are considered for employment without regard to race, color, religion, gender, sexual orientation, gender identity, age, national origin, disability status, protected veteran status or any other characteristic protected by law. Read more: Know Your Rights. 

Equivalent combination of education, training and experience may be considered in place of the above qualifications. Resumes may be considered in the order they are received. JMP employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, JMP may obtain nationality or citizenship information from applicants for employment. JMP collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.

To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status.

All valid JMP job openings are located on the Careers page at www.jmp.com. JMP and SAS only send emails from verified “jmp.com” and "sas.com" email addresses and never ask for sensitive, personal information or money. Should you have any doubts about the authenticity of any type of communication from, for, or on behalf of JMP, please contact us at Recruitingsupport@sas.com before taking any further action.

#JMP