Product Security Architect

Product Security Architect

Job Overview:

Product Security Architect

Key Responsibilities:

• Lead and support all phases of secure engineering, product support, and development of lifecycles
• Drive secure development principles and implement cybersecurity practices across engineering and production teams
• Define cybersecurity requirements, perform gap analysis, and establish roadmaps to manage and remediate residual risk
• Architect secure solutions, define security control frameworks, and integrate cybersecurity features into product designs
• Conduct and support threat modeling, risk assessments, security assurance testing, and vulnerability assessments
• Lead security design reviews and provide oversight for secure architecture implementation
• Serve as a subject matter expert to resolve complex product cybersecurity challenges
• Mentor engineering teams provide training and promote secure coding and design practices
• Participate in audit and compliance activities for certifications, governance, and standards.
• Collaborate on ad hoc cybersecurity initiatives to support secure operations and product innovation
• Ensure alignment of security strategies with overall product and business objectives

Required Skills:

• Strong background in cybersecurity principles, secure software/hardware design, and development practices
• In-depth experience with risk management, threat modeling, security testing, and vulnerability assessments
• Solid understanding of industry security standards (e.g., NIST, ISO 27001/62443, OWASP)
• Excellent analytical, problem-solving, and decision-making capabilities
• Demonstrated ability to lead cross-functional teams and influence stakeholders

Technical Skills:

• Secure Development Lifecycle (SDLC) frameworks
• Architecture risk analysis and mitigation strategies
• Embedded system and IoT security
• Cryptographic protocols and key management
• Threat modeling tools (e.g., STRIDE, DREAD, Microsoft Threat Modeling Tool)
• SAST/DAST tools and techniques
• Security compliance and regulatory standards (e.g., IEC 62443, NIST 800-53)
• Dev SecOps integration
• Cloud security (AWS, Azure) and container security principles
• Familiarity with secure firmware and hardware-level security controls

Mandatory Certifications:

• OSCP

  Offensive Security Certified Professional

Good to Have Certifications:

• CSSLP

  - Certified Secure Software Lifecycle Professional