Product Security Architect

Job Description Product Security Architect Position Overview We are seeking an experienced Product Security Architect to join our Security Center of Excellence team and lead security initiatives across our cloud-based SaaS product portfolio. This role requires a unique blend of deep technical expertise, architectural vision, and collaborative leadership to ensure our products are built with security at their core. The ideal candidate will work at the intersection of security, development, and product design to create robust, secure solutions that protect our customers and their data. Key Responsibilities Security Architecture & Design Design and implement comprehensive security architectures for cloud-based SaaS products, ensuring security is embedded throughout the product lifecycle Conduct thorough threat modeling exercises for new and existing product features, identifying potential vulnerabilities and attack vectors Define security requirements, patterns, and best practices for product development teams Review and approve architectural designs from a security perspective, providing actionable guidance and recommendations Product Security Assessment Perform in-depth security assessments of products at the code, configuration, and architectural levels Identify security vulnerabilities, weaknesses, and gaps in existing and proposed product implementations Conduct code reviews with a focus on security, analyzing Java, Python, and React codebases for security flaws Evaluate third-party integrations, APIs, and dependencies for security risks Collaboration & Enablement Partner closely with development teams to integrate security controls and best practices into the software development lifecycle Work with QE teams to develop security test strategies, including penetration testing, vulnerability scanning, and security automation Provide security guidance and mentorship to engineering teams, fostering a security-first culture Translate complex security concepts into clear, actionable recommendations for technical and non-technical stakeholders Cloud & Infrastructure Security Design and implement security controls for cloud infrastructure and services (AWS, Azure, GCP) Architect and implement IAM strategies including role-based access control (RBAC), attribute-based access control (ABAC), least privilege principles, and identity federation Design secure network architectures including VPCs, security groups, network ACLs, microsegmentation, and zero-trust network access Establish cloud configuration security standards and guardrails to prevent misconfigurations and ensure secure-by-default deployments Ensure proper implementation of cloud security best practices including data encryption (at rest and in transit), secrets management, and compliance Monitor and respond to emerging cloud security threats and vulnerabilities Security Standards & Compliance Establish and maintain security standards, policies, and procedures aligned with industry frameworks Support compliance efforts including SOC 2, ISO 27001, GDPR, and other relevant standards Stay current with evolving security threats, vulnerabilities, and industry best practices Required Qualifications Experience 8+ years of experience in information security, with at least 5 years specifically in product security architecture Proven track record as a Product Security Architect in a SaaS or cloud-based company Extensive experience with threat modeling methodologies (STRIDE, PASTA, or similar) Hands-on experience identifying and remediating security vulnerabilities in production environments Strong background working collaboratively with development and QE teams in agile environments Technical Expertise Deep understanding of secure coding practices and common vulnerability patterns (OWASP Top 10, CWE / SANS Top 25) Proficiency in code-level security analysis across multiple languages, particularly Java, Python, and React / JavaScript Strong knowledge of cloud security architectures and services (AWS, Azure, or GCP) Expert-level knowledge of IAM principles and implementation including multi-factor authentication, single sign-on, privileged access management, service accounts, and identity lifecycle management Deep understanding of network security including firewalls, IDS / IPS, VPN, TLS / SSL, DDoS protection, API gateways, and secure network segmentation Extensive experience with cloud configuration security including infrastructure-as-code security, cloud security posture management, configuration drift detection, and automated compliance checking Experience with authentication and authorization frameworks (OAuth 2.0, OpenID Connect, SAML, JWT, RBAC, ABAC) Understanding of containerization and orchestration security (Docker, Kubernetes) Knowledge of API security, microservices architecture, and distributed systems security Familiarity with DevSecOps practices and security automation tools (SAST, DAST, SCA) Certifications CISSP (Certified Information Systems Security Professional) required Additional relevant certifications valued : Cloud security : CCSP, AWS Certified Security Specialty, Azure Security Engineer, Google Cloud Professional Security Engineer Security architecture : CSSLP, SABSA Penetration testing : CEH, OSCP, GPEN Network security : CCNP Security, GIAC certifications Preferred Qualifications Experience with Infrastructure as Code (Terraform, CloudFormation) and security policy as code Knowledge of zero-trust architecture principles and implementation Experience with security incident response and vulnerability management programsBackground in software development or engineering Experience with regulatory compliance frameworks and security audits Published security research, conference presentations, or contributions to open-source security projects Master's degree in Computer Science, Cybersecurity, or related field Technical Skills Programming & Scripting : Java (enterprise application security) Python (security automation, scripting) JavaScript / React (frontend security) Additional languages a plus (Go, Rust, C / C++) Security Tools & Platforms : SAST / DAST tools (Checkmarx, Fortify, Veracode, etc.) Vulnerability scanners and penetration testing tools Security information and event management (SIEM) platforms Cloud security posture management (CSPM) tools Cloud Platforms & Configuration : AWS, Azure, or Google Cloud Platform IAM services (AWS IAM, Azure AD, GCP IAM, identity federation) Network security services (VPC, Security Groups, Network ACLs, WAF, Cloud Firewall) Cloud configuration management and security scanning tools Cloud-native security services and controls (GuardDuty, Security Hub, Azure Defender, Security Command Center) Secrets management (AWS Secrets Manager, Azure Key Vault, HashiCorp Vault) Serverless architecture security Development & DevOps : CI / CD pipelines and security integration Version control systems (Git) Containerization and orchestration Agile / Scrum methodologies Personal Attributes Strong analytical and problem-solving skills with attention to detail Excellent communication skills with the ability to influence and educate diverse audiences Self-motivated with the ability to work independently and as part of a team Passionate about security and staying ahead of emerging threats Pragmatic approach to balancing security with business needs and user experience What We Offer Opportunity to shape security architecture for cutting-edge Cybersecurity SaaS products Collaborative environment with highly talented engineering teams Professional development and growth opportunities Competitive compensation and benefits package We are an equal opportunity employer and value diversity in our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. #J-18808-Ljbffr