Product Security Architect

This is a fully remote position, open to applicants in United States.

📋 Description

• Lead the threat modeling process, conduct attack surface analyses, and perform secure design reviews across various products, platform services, endpoint agents, and cloud-native systems.

• Utilize LLM platforms (such as Claude and OpenAI) as essential tools to enhance threat analysis, generate abuse cases, conduct architecture reviews, and provide remediation guidance.

• Collaborate directly with engineering teams to integrate secure-by-default practices into the product development lifecycle.

• Take ownership of and enhance the Product Security handbook, which synthesizes product context from diverse sources to ensure adherence to secure design standards.

• Provide mentorship to Product Security Engineers and Security Champions, focusing on secure design principles, reducing attack surfaces, and implementing AI-first security workflows.

• Contribute to the evolution of BeyondTrust's AI-first Product Security Architecture strategy by pinpointing opportunities where AI workflows can supplant manual processes.

⛳️ Requirements

• Over 7 years of experience in Product Security, Application Security, Security Architecture, or Software Security Engineering.

• Extensive, hands-on experience with threat modeling, attack surface analysis, secure design reviews, and architecture risk analysis conducted at scale, rather than just theoretical knowledge.

• Proficient understanding of cloud-native systems, APIs, endpoint agents, thick clients, and identity/security platforms.

• Practical experience utilizing LLM platforms (such as Claude, OpenAI, or similar) within engineering or security workflows. You will be asked about your experiences and insights regarding their efficacy and limitations.

• Strong ability to influence engineering and product teams, approaching situations with a mindset focused on persuasion and practicality rather than blocking releases.

• A builder mentality, demonstrated by your experience in creating scalable security workflows, frameworks, or enablement programs, rather than merely consuming them.

• Experience in developing AI-native security workflows, plugins, agents, or developer tools.

• Background in securing endpoint technologies, identity systems, or enterprise security platforms.

• Offensive security experience or a background in adversarial testing, as understanding attacker mindset enhances overall security effectiveness.

• Experience with cloud security in AWS, Azure, or Kubernetes environments.

🏝️ Benefits

• Flexible work arrangements.

• Professional development opportunities.