Product Security Architect

The Product Security Architecture Team (PSAT) is an integral part of the corporate Product Security organization and is responsible for integrating security by design into the products created by our partner organizations in the business. Our PSAT consists of experienced security professionals that possess strong technical and communication skills, along with a proven track record of leadership demonstrated in leading key security architecture initiatives across the company.

Job Description

We are seeking an experienced Product Security Architect with an initial focus on secure architecture standards and advisory. As a Product Security Architect, you will be responsible for designing, implementing, and maintaining the security posture of our product environments in partnership with the product teams. You will be leading discussions with product teams regarding security design considerations and implementations. Your primary focus will be on ensuring the confidentiality, integrity, and availability of our products and services by devising, documenting, and communicating technical security standards, procedures, and specifications that comply with NIST security standards such 800-53, 800-207, 800-92 etc. You will also be responsible for advising product teams on secure architecture implementation details during product design.

Responsibilities

- Design and develop product security architecture frameworks and solutions that align with industry best practices and meet business requirements.

- Collaborate with product teams to define and enforce security standards and procedures enabling security by design

- Design and architect the secure architecture patterns that comply with external standards as required by product organizations

- Collaborate with product teams to provide one on one support on secure architecture implementations

- Collaborate with adjacent product security teams to provide support on secure architectural “how-to” details required by Governance, Risk, Compliance (GRC) functions, Product Security Reviews (PSRs), Champions program

- Stay up-to-date with the latest security trends, threats, and technologies, and provide recommendations for enhancing security monitoring capabilities.

Basic Requirements

- Overall 5+ years of experience in security engineering and architecture design, with at least 3+ years of experience in product security architecture. Extensive experience in designing and implementing secure network, system, and application architectures.

- Bachelor's degree in Computer Science, Information Security, or a related field (Master's degree preferred).

- Experience in security engineering at scale in complex product environments. Proven experience as a security architect or similar role in a large corporate environment.

- Strong communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams and stakeholders.

- Ability to explain complex security issues and risks to non-technical stakeholders

- Ability to handle multiple projects and prioritize tasks in a fast-paced environment.

- Leadership skills to guide and mentor product teams on security best practices

- Relevant certifications such as CISSP, CISM, CCSP, or AWS/Azure/GCP security certifications are highly desirable

- Strong understanding of network security, encryption, identity and access management, and data protection principles.

- In-depth understanding of security monitoring technologies, SIEM, IDS/IPS, log management, threat intelligence, vulnerability management, secure coding practices, threat modeling

- Familiarity with industry standards and frameworks such as FedRAMP, NIST, ISO 27001, CIS, PCI DSS, ATT&CK, D3FEND, CIS, CSF, NICE, CAF.

- Proficient in scripting or programming languages (e.g., Python, PowerShell) to automate security tasks.

- Excellent problem-solving and analytical skills, with the ability to analyze complex security incidents and recommend appropriate actions.