Posted Mar 20
Principal Product Security Architect
at Qualys
Pune, India
On-site
Requirements
- Experience in information security with at least 5 years focused on product security, application security, or security architecture
- Deep expertise in secure software development lifecycle (SDLC) practices and modern development frameworks
- Proven experience conducting threat modeling and risk assessments for complex distributed systems
- Strong understanding of common vulnerability classes (OWASP Top 10, CWE Top 25) and secure coding practices across multiple languages
- Demonstrated ability to write production-quality code and create technical security guidance for engineering teams
- Experience building reference architectures, libraries, and automations that address security at scale
- Excellent written and verbal communication skills with ability to tailor messaging for technical and executive audiences
- Track record of influencing engineering practices and building trust with development teams
Preferred
- Experience with cloud-native architectures (AWS, Azure, GCP) and container security (Kubernetes, Docker) as well as large-scale private cloud deployments
- Experience assessing and securing Java platforms, event-driven architectures, and data security in multi-tenant SaaS solutions
- Knowledge of cryptography, PKI, authentication protocols (OAuth 2.0, SAML, OIDC), and identity management
- Background in security compliance frameworks (NIST SP 800-53, NIST SSDF)
- Certifications such as CISSP, CISSP-ISSAP/TOGAF would be an added advantage.
- Contributions to open-source security projects or published security research
- Familiarity with Infrastructure as Code (Terraform) and Policy as Code (OPA)
- Experience with security automation, SAST/DAST tools, and security testing frameworks
- Security certifications such as CISSP, OSCP, GIAC, or similar credentials
- Experience working in regulated industries (government, healthcare, financial services)
Skills
- Communication: Both verbal and written communication skills are key, as is the ability to explain why security improvements are needed
- Languages: Proficiency in at least two of: Java, Python, Go, React
- Security Tools: Experience with threat modeling tools, SAST/DAST scanners, dependency checkers, and security testing frameworks
- Architecture: Deep understanding of microservices, APIs, event-driven systems, and distributed architectures
- Security Controls: Expertise in authentication, authorization, encryption, secrets management, and secure communications
- Methodologies: Threat modeling (STRIDE), risk frameworks (FAIR, NIST RMF), secure design principles (least privilege, defense-in-depth, zero trust)