Product Architect - Security

Overview

The Product Architecture team provides architecture support to Product Management and Engineering, guiding good product design and integration in readiness for release and customer integration.

Additionally, they provide customer site specific services such as technology stack evaluation and recommendations, bespoke customer integration guidance, and deep dive assistance on persistent problems.. 

The Security Architect will be a key member of the Product Architecture team, responsible for embedding security design and principles into our products. This role ensures that security is integrated across all architectural layers—application, infrastructure, and cloud—while aligning with organizational standards and compliance requirements.

Responsibilities

• Define and maintain security architecture standards for product solutions, including cloud-native and hybrid deployments.
• Conduct architecture security reviews early in the development lifecycle to identify and mitigate risks.
• Perform threat modelling for new features and products; recommend design and controls to address vulnerabilities.
• Ensure design compliance with OWASP Top 10, NIST Cybersecurity Framework, and internal security benchmarks.
• Align product security with regulatory requirements (e.g., GDPR, FedRAMP, ISO 27001).
• Establish guardrails for identity management, encryption, and secure coding practices.
• Work closely with Product Architects, Engineering, and DevOps teams to integrate security into CI/CD pipelines.
• Provide guidance on secure API design, container security, and cloud security posture management.
• Evaluate how security technologies and patterns (e.g., Zero Trust, federated identity, gatekeeper patterns) can be adopted into the architecture.
• Drive adoption of automated security testing and monitoring tools.
• When required by System Architecture, help define a particular security decision or solution for a customer deployment to guide development and customer technical leads.

Qualifications

• Bachelor’s or Master’s degree in Computer Science, Information Security, or related field.
• 8+ years of experience in security architecture, preferably in product development environments.
• Expertise in cloud security (Azure/AWS), container security, and microservices architecture.
• Strong knowledge of cryptography, IAM, PKI, and secure API design.
• Familiarity with SIEM, vulnerability management, and security automation tools.
• A strong understanding of product management and agile software development methods, with familiarity in modern product design and management tools
• Strong knowledge of Java and its ecosystem, including common frameworks and technologies such as Spring, JPA/Hibernate, RESTful APIs, Maven/Gradle, and unit/integration testing frameworks
• Familiarity with frontend technologies (e.g., HTML, JavaScript, React/Angular) at a conceptual level to support end-to-end design discussions
• Certifications (Preferred):
• CISSP, CCSP, or AWS/Azure Security Specialty.
• Understanding of Infrastructure as Code (IaC) (e.g., Terraform, ARM/Bicep, or CloudFormation) and DevOps tools and practices, such as CI/CD pipelines (e.g., Azure DevOps, Jenkins, GitHub Actions), containerization and orchestration (Kubernetes)
• Ability to travel (up to 15% of time)
• Ability to work across multiple time zones if required

Success Profile

• Leading Complexity
• Leading People
• Leading the Business
• Leading Self

#LI-KB1 #LI-HYBRID