Job Description

Job Description

Product Security Architect

Position Overview

We are seeking an experienced Product Security Architect to join our Security Center of Excellence team and lead security initiatives across our cloud-based SaaS product portfolio. This role requires a unique blend of deep technical expertise, architectural vision, and collaborative leadership to ensure our products are built with security at their core. The ideal candidate will work at the intersection of security, development, and product design to create robust, secure solutions that protect our customers and their data.

Key Responsibilities

Security Architecture & Design

• Design and implement comprehensive security architectures for cloud-based SaaS products, ensuring security is embedded throughout the product lifecycle
• Conduct thorough threat modeling exercises for new and existing product features, identifying potential vulnerabilities and attack vectors
• Define security requirements, patterns, and best practices for product development teams
• Review and approve architectural designs from a security perspective, providing actionable guidance and recommendations

Product Security Assessment

• Perform in-depth security assessments of products at the code, configuration, and architectural levels
• Identify security vulnerabilities, weaknesses, and gaps in existing and proposed product implementations
• Conduct code reviews with a focus on security, analyzing Java, Python, and React codebases for security flaws
• Evaluate third-party integrations, APIs, and dependencies for security risks

Collaboration & Enablement

• Partner closely with development teams to integrate security controls and best practices into the software development lifecycle
• Work with QE teams to develop security test strategies, including penetration testing, vulnerability scanning, and security automation
• Provide security guidance and mentorship to engineering teams, fostering a security-first culture
• Translate complex security concepts into clear, actionable recommendations for technical and non-technicaål stakeholders

Cloud & Infrastructure Security

• Design and implement security controls for cloud infrastructure and services (AWS, Azure, GCP)
• Architect and implement IAM strategies including role-based access control (RBAC), attribute-based access control (ABAC), least privilege principles, and identity federation
• Design secure network architectures including VPCs, security groups, network ACLs, microsegmentation, and zero-trust network access
• Establish cloud configuration security standards and guardrails to prevent misconfigurations and ensure secure-by-default deployments
• Ensure proper implementation of cloud security best practices including data encryption (at rest and in transit), secrets management, and compliance
• Monitor and respond to emerging cloud security threats and vulnerabilities

Security Standards & Compliance

• Establish and maintain security standards, policies, and procedures aligned with industry frameworks
• Support compliance efforts including SOC 2, ISO 27001, GDPR, and other relevant standards
• Stay current with evolving security threats, vulnerabilities, and industry best practices

Required Qualifications

Experience

• 8+ years of experience in information security, with at least 5 years specifically in product security architecture
• Proven track record as a Product Security Architect in a SaaS or cloud-based company
• Extensive experience with threat modeling methodologies (STRIDE, PASTA, or similar)
• Hands-on experience identifying and remediating security vulnerabilities in production environments
• Strong background working collaboratively with development and QE teams in agile environments

Technical Expertise

• Deep understanding of secure coding practices and common vulnerability patterns (OWASP Top 10, CWE/SANS Top 25)
• Proficiency in code-level security analysis across multiple languages, particularly Java, Python, and React/JavaScript
• Strong knowledge of cloud security architectures and services (AWS, Azure, or GCP)
• Expert-level knowledge of IAM principles and implementation including multi-factor authentication, single sign-on, privileged access management, service accounts, and identity lifecycle management
• Deep understanding of network security including firewalls, IDS/IPS, VPN, TLS/SSL, DDoS protection, API gateways, and secure network segmentation
• Extensive experience with cloud configuration security including infrastructure-as-code security, cloud security posture management, configuration drift detection, and automated compliance checking
• Experience with authentication and authorization frameworks (OAuth 2.0, OpenID Connect, SAML, JWT, RBAC, ABAC)
• Understanding of containerization and orchestration security (Docker, Kubernetes)
• Knowledge of API security, microservices architecture, and distributed systems security
• Familiarity with DevSecOps practices and security automation tools (SAST, DAST, SCA)

Certifications

• CISSP (Certified Information Systems Security Professional) required
• Additional relevant certifications valued:
• Cloud security: CCSP, AWS Certified Security Specialty, Azure Security Engineer, Google Cloud Professional Security Engineer
• Security architecture: CSSLP, SABSA
• Penetration testing: CEH, OSCP, GPEN
• Network security: CCNP Security, GIAC certifications

Preferred Qualifications

• Experience with Infrastructure as Code (Terraform, CloudFormation) and security policy as code
• Knowledge of zero-trust architecture principles and implementation
• Experience with security incident response and vulnerability management programs
• Background in software development or engineering
• Experience with regulatory compliance frameworks and security audits
• Published security research, conference presentations, or contributions to open-source security projects
• Master's degree in Computer Science, Cybersecurity, or related field

Technical Skills

Programming & Scripting:

• Java (enterprise application security)
• Python (security automation, scripting)
• JavaScript/React (frontend security)
• Additional languages a plus (Go, Rust, C/C++)

Security Tools & Platforms:

• SAST/DAST tools (Checkmarx, Fortify, Veracode, etc.)
• Vulnerability scanners and penetration testing tools
• Security information and event management (SIEM) platforms
• Cloud security posture management (CSPM) tools

Cloud Platforms & Configuration:

• AWS, Azure, or Google Cloud Platform
• IAM services (AWS IAM, Azure AD, GCP IAM, identity federation)
• Network security services (VPC, Security Groups, Network ACLs, WAF, Cloud Firewall)
• Cloud configuration management and security scanning tools
• Cloud-native security services and controls (GuardDuty, Security Hub, Azure Defender, Security Command Center)
• Secrets management (AWS Secrets Manager, Azure Key Vault, HashiCorp Vault)
• Serverless architecture security

Development & DevOps:

• CI/CD pipelines and security integration
• Version control systems (Git)
• Containerization and orchestration
• Agile/Scrum methodologies

Personal Attributes

• Strong analytical and problem-solving skills with attention to detail
• Excellent communication skills with the ability to influence and educate diverse audiences
• Self-motivated with the ability to work independently and as part of a team
• Passionate about security and staying ahead of emerging threats
• Pragmatic approach to balancing security with business needs and user experience

What We Offer

• Opportunity to shape security architecture for cutting-edge Cybersecurity SaaS products
• Collaborative environment with highly talented engineering teams
• Professional development and growth opportunities
• Competitive compensation and benefits package

We are an equal opportunity employer and value diversity in our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Job Tags

Similar Jobs