Principal Product Security Architect

Job Summary

Required Qualifications

• 13+ years of experience in information security with at least 5 years focused on product security, application security, or security architecture
• Deep expertise in secure software development lifecycle (SDLC) practices and modern development frameworks
• Proven experience conducting threat modeling and risk assessments for complex distributed systems
• Strong understanding of common vulnerability classes (OWASP Top 10, CWE Top 25) and secure coding practices across multiple languages
• Demonstrated ability to write production-quality code and create technical security guidance for engineering teams
• Experience building reference architectures, libraries, and automations that address security at scale
• Excellent written and verbal communication skills with ability to tailor messaging for technical and executive audiences
• Track record of influencing engineering practices and building trust with development teams

Desired Qualifications

• Experience with cloud-native architectures (AWS, Azure, GCP) and container security (Kubernetes, Docker)
• Experience assessing and securing Java platforms, event driven architectures, and data security in multi-tenant SaaS solutions
• Knowledge of cryptography, PKI, authentication protocols (OAuth 2.0, SAML, OIDC), and identity management
• Background in security compliance frameworks (NIST SP 800-53, NIST SSDF)
• Certifications such as CISSP, CISSP-ISSAP/ TOGAF would be an added advantage
• Contributions to open-source security projects or published security research
• Familiarity with Infrastructure as Code (Terraform) and Policy as Code (OPA)
• Experience with security automation, SAST/DAST tools, and security testing frameworks
• Security certifications such as CISSP, OSCP, GIAC, or similar credentials
• Experience working in regulated industries (government, healthcare, financial services)