Principal Architect Product Security

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, Engineering, or related field; OR demonstrated capability to perform job responsibilities with a combination of a High School Diploma/GED and at least four (4) years of previous related work experience.
• Five (5) years of experience in cybersecurity, application security, product security, security architecture, software engineering, cloud security, or related technology roles.
• Five (5) years of experience designing or securing modern applications, APIs, cloud-native services, distributed systems, or digital platforms.
• Experience leading security architecture decisions across multiple product teams or technology portfolios.
• Strong knowledge of secure SDLC, DevSecOps, threat modeling, vulnerability management, application security testing, API security, identity, data protection, and cloud security.
• Experience developing secure design standards, reusable architecture patterns, technical guardrails, or engineering guidance.
• Ability to manage competing priorities in a fast-paced, multi-team environment.
• Must pass a pre-employment drug test.
• Available for occasional overnight travel (10%)
• Must be legally eligible to work in the country in which the position is located.
• Authorization to work in the US is required. This position is not eligible for a visa sponsorship.

Nice To Haves

• Experience supporting large-scale customer-facing applications, digital platforms, mobile applications, ecommerce, loyalty, APIs, or cloud-native services.
• Experience in aviation, transportation, financial services, healthcare, retail, or another regulated or operationally complex environment.
• Experience building or scaling Product Security, Application Security, or DevSecOps practices.
• Experience with AWS, Azure, GCP, Kubernetes, containers, serverless platforms, API gateways, WAF technologies, secrets management, CI/CD, and policy-as-code.
• Knowledge of OWASP Top 10, OWASP API Security Top 10, OWASP ASVS, and Zero Trust principles.
• Experience influencing enterprise architecture boards, technology governance forums, or risk committees.
• CISSP, CSSLP, CCSP, SABSA, AWS Security Specialty, Azure Security Engineer, or equivalent certification preferred.

Responsibilities

• Lead product security architecture across multiple product portfolios or major business capabilities.
• Define and maintain reusable secure design patterns, reference architectures, and technical guardrails.
• Review high-risk product, platform, API, cloud, and integration designs.
• Partner with product and engineering leaders to embed security into planning, design, development, testing, deployment, and operations.
• Translate cybersecurity policies, standards, and risk expectations into practical product security requirements.
• Guide teams on secure implementation of modern application, API, cloud-native, and distributed architectures.
• Establish and lead threat modeling for complex or high-risk products and platforms.
• Identify architecture-level security gaps and recommend pragmatic remediation plans.
• Escalate material risks and provide clear risk narratives to technology and cybersecurity leadership.
• Define expectations for security controls in CI/CD pipelines and developer workflows.
• Guide adoption of SAST, DAST, SCA, container scanning, IaC scanning, secrets detection, and related tooling.
• Partner with engineering teams to improve security testing quality, reduce noise, and increase actionable remediation.
• Contribute to metrics that measure product security maturity, control adoption, and vulnerability reduction.
• Define product security guidance for authentication, authorization, federation, API security, encryption, secrets management, and secure data handling.
• Advise on Zero Trust, least privilege, service-to-service security, and secure integration patterns.
• Partner with cloud and platform teams to embed security into shared engineering services and platform capabilities.
• Serve as a senior product security advisor to product, engineering, cybersecurity, architecture, privacy, compliance, and risk teams.
• Mentor Product Security Architects, engineers, and technical leads.
• Participate in architecture review boards, design forums, and governance processes.
• Contribute to product security standards, maturity models, dashboards, and continuous improvement efforts.

Benefits

• performance bonuses
• restricted stock units
• healthcare benefits
• a 401(k) plan and company match
• crewmember stock purchase plan
• short-term and long-term disability coverage
• basic life insurance
• free space available travel on JetBlue