Product Security Architect

We are seeking an experienced Product Security Architect to join our team. The ideal candidate will have a strong background in both networking and application security, coupled with hands-on experience in security testing. This role requires a proactive individual who is capable and excited to design, develop and evangelize new security concepts and approaches, as well as to implement and oversee robust security solutions throughout the product lifecycle.

Key Responsibilities:

Security Architecture & Design

• Define and implement security architecture for products, ensuring alignment with organizational policies and industry best practices.
• Collaborate with cross-functional teams to integrate security into product design, development, and deployment.
• Conduct threat modeling and security risk assessments for new and existing products.

Design Security Concepts and Features

• Define and maintain new security concepts, features and capabilities for the product.
• Guide and support the development of new security tools for both internal and production use.
• Evangelize new security approaches internally and externally.

Application & Network Security

• Design secure application workflows, security features, APIs, and network infrastructures.
• Identify and mitigate vulnerabilities in application code and network configurations.
• Ensure security controls for web applications, mobile apps, and backend systems are robust and effective.

Security Testing & Validation

• Perform hands-on security testing, including static and dynamic code analysis, penetration testing, and vulnerability assessments.
• Develop and maintain automated security testing tools and processes.
• Provide technical expertise in developing security processes, incident response, and vulnerability remediation efforts.
• Develop and enforce secure development lifecycle (SDLC) practices within development teams.

Mentorship & Communication

• Mentor and guide product and engineering teams on secure coding, architecture, and networking practices.
• Communicate security requirements and recommendations to stakeholders, including leadership and non-technical audiences.
• Perform other related duties to support team objectives and evolving responsibilities as assigned.

Qualifications:

Required Skills and Experience

• 9+ years of hands-on experience in both networking security and application security.
• Expertise in tools and techniques for security testing, including SAST, DAST, and fuzz testing.
• Strong understanding of network protocols, firewalls, VPNs, IDS/IPS, and related technologies.
• Deep knowledge of application security principles (e.g., OWASP Top 10, secure coding practices).
• Proficiency in scripting and automation for security testing (e.g., Python, Bash).

Preferred Skills

• Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.
• Certifications such as CISSP, CEH, OSCP, or equivalent.
• Familiarity with DevSecOps principles and CI/CD pipeline integration.
• Experience with cloud security (AWS, Azure, Google Cloud Platform).
• Knowledge of container security tools (e.g., Docker, Kubernetes).

Personal Attributes

• Analytical and detail-oriented with excellent problem-solving skills.
• Strong communication and collaboration skills.
• A passion for staying updated on the latest security trends and technologies.