
Product Security and Privacy Architect
Posted 2 days ago

This is a fully remote position, open to applicants in the United States.
• Overseeing the daily governance of security and privacy architecture.
• Establishing security and privacy requirements, controls, and standards across the organization.
• Creating comprehensive Secure Coding, third-party, and deployment policies, along with other architecture-related standards.
• Developing necessary training materials.
• Defining paved roads and security and privacy-by-design patterns and libraries.
• Spearheading the development of AI-driven PSP Architecture capabilities.
• Managing the threat modeling framework and maintaining quality standards.
• Conducting and approving security and privacy architecture reviews.
• Leading audit and assessment planning, ensuring evidence meets expectations and is defensible.
• Selecting and integrating tools related to the security and privacy architecture domain.
• Designing compliance measures and analyzing new regulations and standards to identify gaps in the platform’s capabilities, standards, and controls.
• Evaluating the architecture of new acquisitions and contributing to due diligence as necessary.
• Offering recommendations for risk acceptance and exception requests.
• Providing insights on tooling strategy and integration guidance for non-architecture related domains.
• Advising on security requirements for supply chain tooling, pipeline architecture, and applicable standards.
• Ensuring that platform architecture supports the enforcement of PSP security controls.
• Delivering expert insights on exploitability, attack paths, and mitigation strategies during the incident handling process.
• Offering guidance on distinguishing true risk from noise in security tool outputs and penetration testing.
• A Master's Degree in computer science or a related field.
• A minimum of 3 years' experience in software/product security, application security, or security architecture.
• At least 7 years of hands-on experience in software engineering, QA, or DevOps earlier in your career.
• One or more security or privacy certifications (CISSP, CIPT, CSSLP, CEH, etc.) is advantageous.
• Demonstrated ownership of at least one of the following: threat modeling program, secure design review governance, audit evidence management, security tooling strategy, or penetration testing program.
• Experience contributing to at least one Secure Software Development Lifecycle (SSDL) program.
• Working knowledge of fundamental principles of application security.
• Familiarity with threat modeling principles.
• Understanding of security standards (OWASP, ISO, NIST, etc.).
• Knowledge of security regulations, such as the Radio Equipment Directive (RED), Cyber Resilience Act (CRA), Federal Information Processing Standards (FIPS), and Common Criteria (CC) or their equivalents.
• Strong understanding of cryptographic principles, including algorithms, key management, and protocols.
• Experience utilizing security tools (SAST, DAST, SCA, Vulnerability Scanners, Secret Scanners).
• Practical experience in at least one, preferably more, of the following application domains: Embedded Device Security, Mobile Security, Web & API Security, Desktop Security.
• Familiarity with Agile/SAFe methodology is preferred.
• Experience with AI tools in the context of a security program is preferred.
• Knowledge of Cloud infrastructure, Supply Chain, and deployment security is preferred.
• Competitive salary and reward packages.
• Comprehensive benefits and annual leave offerings.
• A vibrant, welcoming, and inclusive culture.
• Extensive opportunities and resources for career development.