Job Information
Cabela's Enterprise Architect- Application Security and Cloud Platform On-Site: Springfield, MO in Springfield, United States
POSITION SUMMARY
The Enterprise Architect for Application Security & Cloud Platform will work onsite at our corporate office in Springfield, MO. and is a senior strategic role within IT Security, responsible for defining, governing, and continuously improving the secure-by-design architecture for applications and cloud platforms across the enterprise. Operating at an enterprise-wide scope, this role provides architectural leadership spanning secure application patterns, cloud-native platform controls, identity, containerization, API security, and integration governance.
You will collaborate across Security, Engineering, Operations, and business technology teams to ensure all application and platform designs meet enterprise risk tolerance, regulatory standards, and modern architectural principles. This role will define the long-term vision for secure application and cloud platform architecture, develop enterprise guardrails and reusable patterns, and guide solution and domain architects in consistent adoption.
This position is based at our corporate office in Springfield, MO.
ESSENTIAL FUNCTIONS
Enterprise Security Architecture Leadership
Define the enterprise architecture strategy for application security and cloud platform security
Develop and govern secure design principles, reference architectures, and reusable security patterns
Partner with Security to align enterprise architecture with risk, compliance, and threat intelligence
Lead architecture review boards (ARBs) in evaluating system designs for adherence to enterprise guardrails
Provide architectural oversight for major programs, transformation initiatives, and cloud modernization efforts
Application Security Architecture (Cloud & Legacy)
Architect secure application patterns across microservices, APIs, serverless workloads, and legacy platforms
Define enterprise-wide secure coding standards, threat modeling frameworks, and application-layer guardrails
Evaluate and select application security platforms (SAST, DAST, SCA, RASP, API security, etc.)
Oversee security integration into CI/CD pipelines, supporting enterprise DevSecOps maturity
Guide development teams on secure design, vulnerability mitigation, and adoption of shift-left practices
Cloud Platform Security Architecture (Azure & GCP)
Architect enterprise-secure patterns for identity, workload isolation, data protection, and perimeter-less security
Develop and enforce security architecture for container platforms, serverless, Kubernetes, and cloud-native services
Define enterprise controls leveraging CSPM, CWPP, CNAPP, zero trust, and identity-first security models
Partner with Cloud Engineering to implement platform guardrails, landing zones, and compliance automation
Establish enterprise standards for multi-cloud security configurations, logging, and monitoring
Legacy Platform Security Architecture
Define strategic direction for securing legacy WebSphere Commerce Suite (WCS) and similar systems
Develop compensating controls, hardening baselines, and integration security patterns
Lead architectural decision-making for modernization and migration paths away from legacy platforms
Governance, Standards & Strategic Innovation
Create and maintain policies, standards, and architecture principles governing secure application and cloud design
Conduct enterprise-level threat modeling and risk assessments across platforms and business solutions
Serve as the primary architecture liaison with audit, risk, and compliance stakeholders (PCI, SOC 2, NIST, ISO)
Evaluate emerging technologies, conduct platform capability assessments, and guide long-term investment strategy
Mentor solution architects, engineers, and developers across ETS pillars on secure architecture practices
EXPERIENCE & QUALIFICATIONS
Bachelor’s degree in Computer Science, Engineering, or equivalent experience
12+ years in software architecture, application security, or cloud platform architecture
7+ years designing and securing cloud-native architectures in Azure or GCP
Deep expertise in secure application patterns, DevSecOps, and CI/CD security integration
Strong architectural knowledge of microservices, Kubernetes, containers, and serverless
Familiarity with legacy platform security, including WCS or Java-based enterprise systems
In-depth understanding of cloud-native security services (Azure Defender, GCP SCC, etc.)
Expertise with OWASP, NIST, Zero Trust, secure design principles, and threat modeling
Professional certifications preferred: CISSP, CCSP, CSSLP, GCSA, TOGAF, or Azure/GCP Architect
Strong executive communication and ability to influence across Security, Engineering, and Operations
TRAVEL REQUIREMENTS:
Occasional travel to visit key facilities or in support of team meetings (less than 15%)
PHYSICAL REQUIREMENTS:
Regularly performs computer work and sits
Occasionally walks and stands
Seldom/never lifts up to 50lbs
INDEPENDENT JUDGEMENT:
Develops strategic direction, goals, plans, and policies for application security. Sets broad objectives and is accountable for overall results in respective area of responsibility. Requires high degree of independent judgment and problem solving of complex problems.
Full Time Benefits Summary:
Enjoy discounts on retail merchandise, our restaurants, world-class resorts and conservation attractions!
Medical
Dental
Vision
Health Savings Account
Flexible Spending Account
Voluntary benefits
401k Retirement Savings
Paid holidays
Paid vacation
Paid sick time
Bass Pro Cares Fund
And more!
Bass Pro Shops is an equal opportunity employer. Hiring decisions are administered without regard to race, color, creed, religion, sex, pregnancy, sexual orientation, gender identity, age, national origin, ancestry, citizenship status, disability, veteran status, genetic information, or any other basis protected by applicable federal, state or local law.
Reasonable Accommodations
Qualified individuals with known disabilities may be entitled to reasonable accommodation under the Americans with Disabilities Act and certain state or local laws.
If you need a reasonable accommodation for any part of the application process, please visit your nearest location or contact us at hrcompliance@basspro.com.
Bass Pro Shops