Job Description

The Enterprise Architect for Application Security & Cloud Platform will work onsite at our corporate office in Springfield, MO. and is a senior strategic role within IT Security, responsible for defining, governing, and continuously improving the secure-by-design architecture for applications and cloud platforms across the enterprise. Operating at an enterprise-wide scope, this role provides architectural leadership spanning secure application patterns, cloud-native platform controls, identity, containerization, API security, and integration governance.

You will collaborate across Security, Engineering, Operations, and business technology teams to ensure all application and platform designs meet enterprise risk tolerance, regulatory standards, and modern architectural principles. This role will define the long-term vision for secure application and cloud platform architecture, develop enterprise guardrails and reusable patterns, and guide solution and domain architects in consistent adoption.

This position is based at our corporate office in Springfield, MO.

ESSENTIAL FUNCTIONS

Enterprise Security Architecture Leadership

• Define the enterprise architecture strategy for application security and cloud platform security
• Develop and govern secure design principles, reference architectures, and reusable security patterns
• Partner with Security to align enterprise architecture with risk, compliance, and threat intelligence
• Lead architecture review boards (ARBs) in evaluating system designs for adherence to enterprise guardrails
• Provide architectural oversight for major programs, transformation initiatives, and cloud modernization efforts

Application Security Architecture (Cloud & Legacy)

• Architect secure application patterns across microservices, APIs, serverless workloads, and legacy platforms
• Define enterprise-wide secure coding standards, threat modeling frameworks, and application-layer guardrails
• Evaluate and select application security platforms (SAST, DAST, SCA, RASP, API security, etc.)
• Oversee security integration into CI/CD pipelines, supporting enterprise DevSecOps maturity
• Guide development teams on secure design, vulnerability mitigation, and adoption of shift-left practices

Cloud Platform Security Architecture (Azure & GCP)

• Architect enterprise-secure patterns for identity, workload isolation, data protection, and perimeter-less security
• Develop and enforce security architecture for container platforms, serverless, Kubernetes, and cloud-native services
• Define enterprise controls leveraging CSPM, CWPP, CNAPP, zero trust, and identity-first security models
• Partner with Cloud Engineering to implement platform guardrails, landing zones, and compliance automation
• Establish enterprise standards for multi-cloud security configurations, logging, and monitoring

Legacy Platform Security Architecture

• Define strategic direction for securing legacy WebSphere Commerce Suite (WCS) and similar systems
• Develop compensating controls, hardening baselines, and integration security patterns
• Lead architectural decision-making for modernization and migration paths away from legacy platforms

Governance, Standards & Strategic Innovation

• Create and maintain policies, standards, and architecture principles governing secure application and cloud design
• Conduct enterprise-level threat modeling and risk assessments across platforms and business solutions
• Serve as the primary architecture liaison with audit, risk, and compliance stakeholders (PCI, SOC 2, NIST, ISO)
• Evaluate emerging technologies, conduct platform capability assessments, and guide long-term investment strategy
• Mentor solution architects, engineers, and developers across ETS pillars on secure architecture practices

EXPERIENCE & QUALIFICATIONS

• Bachelor’s degree in Computer Science, Engineering, or equivalent experience
• 12+ years in software architecture, application security, or cloud platform architecture
• 7+ years designing and securing cloud-native architectures in Azure or GCP
• Deep expertise in secure application patterns, DevSecOps, and CI/CD security integration
• Strong architectural knowledge of microservices, Kubernetes, containers, and serverless
• Familiarity with legacy platform security, including WCS or Java-based enterprise systems
• In-depth understanding of cloud-native security services (Azure Defender, GCP SCC, etc.)
• Expertise with OWASP, NIST, Zero Trust, secure design principles, and threat modeling
• Professional certifications preferred: CISSP, CCSP, CSSLP, GCSA, TOGAF, or Azure/GCP Architect
• Strong executive communication and ability to influence across Security, Engineering, and Operations

TRAVEL REQUIREMENTS:
Occasional travel to visit key facilities or in support of team meetings (less than 15%)

PHYSICAL REQUIREMENTS:
Regularly performs computer work and sits
Occasionally walks and stands
Seldom/never lifts up to 50lbs

INDEPENDENT JUDGEMENT:
Develops strategic direction, goals, plans, and policies for application security. Sets broad objectives and is accountable for overall results in respective area of responsibility. Requires high degree of independent judgment and problem solving of complex problems.

Full Time Benefits Summary:
Enjoy discounts on retail merchandise, our restaurants, world-class resorts and conservation attractions!

• Medical
• Dental
• Vision
• Health Savings Account
• Flexible Spending Account
• Voluntary benefits
• 401k Retirement Savings
• Paid holidays
• Paid vacation
• Paid sick time
• Bass Pro Cares Fund
• And more!

Bass Pro Shops is an equal opportunity employer. Hiring decisions are administered without regard to race, color, creed, religion, sex, pregnancy, sexual orientation, gender identity, age, national origin, ancestry, citizenship status, disability, veteran status, genetic information, or any other basis protected by applicable federal, state or local law.

Reasonable Accommodations

Qualified individuals with known disabilities may be entitled to reasonable accommodation under the Americans with Disabilities Act and certain state or local laws.
If you need a reasonable accommodation for any part of the application process, please visit your nearest location or contact us at hrcompliance@basspro.com.

Bass Pro Shops