Principal Architect, Product Security

Infoblox · Tacoma, WA
59d · $195,000 - $300,000 · Hybrid

About The Position

At Infoblox, every breakthrough begins with a bold “what if.” What if your ideas could ignite global innovation? What if your curiosity could redefine the future? We invite you to step into the next exciting chapter of your career journey. Bring your creativity, drive, your daring spirit, and feel what it’s like to thrive on a team big enough to make an impact, yet small enough to make a difference. Our cloud-first networking and security solutions already protect 70% of the Fortune 500, and we’re looking for creative thinkers ready to push that influence even further. Join us and discover how far your bold “what if” can take the world, your community, and your career.

Here, how we empower our people is extraordinary: Glassdoor Best Places to Work 2025, Great Place to Work-Certified in five countries, and Cigna Healthy Workforce honors three years running — and what we build is world-class: recognized as CybersecAsia’s Best in Critical Infrastructure 2024 — evidence that when first-class technology meets empowered talent, remarkable careers take shape.

So, what if the next big idea, and the next great career story, comes from you? Become the force that turns every “what if” into “what’s next”. In a world where you can be anything, Be Infoblox.

Principal Architect, Product Security

We have an opportunity for a Principal Architect to join our Product Security team in Tacoma, WA, Austin, TX or Atlanta, GA, reporting to the Director of Product Security Engineering. In this role, you will play a vital part in ensuring the security and compliance of our products and systems. The Security Architect will work as part of an extended architecture team alongside other cross-functional teams to identify security gaps, develop robust security controls, and implement industry-leading practices. You are the ideal candidate if you are a security thought leader who enjoys identifying gaps and designing corrective measures in collaboration with key stakeholders.

Requirements

  • 15+ years of Security Engineering and Architecture experience, including principal- or architect-level leadership designing secure SaaS, appliance-based, or cloud-native platforms at global scale.
  • Proven ability to architect secure multi-cloud (AWS, GCP, Azure, OCI) platforms, including identity federation, VPC/network isolation, workload identity, secrets lifecycle, and secure control-plane design.
  • Deep expertise in securing:
      • Container and Kubernetes ecosystems (EKS, GKE, AKS, Istio, Envoy, Pod Security, eBPF, runtime protection)
      • Infrastructure-as-Code and platform engineering workflows (Terraform, Helm, CloudFormation, Kustomize, Pulumi)
      • Protocol-heavy systems (DNS, DHCP, IPAM / DDI architecture, control-plane security, service segmentation, and abuse prevention)
  • Advanced knowledge of secure architecture patterns, including Zero Trust, secure edge computing, secure boot, TPM, firmware integrity, remote attestation, confidential computing, and supply chain integrity (SBOM, SLSA, SCVS).
  • Strong track record of architecting and implementing security automation, using language fluency in Python, Go, Rust, or Shell to build scalable tools, runtime validation frameworks, and detection/response integrations.
  • Demonstrated experience translating compliance frameworks (FedRAMP High, SOC2, NIST 800-53, ISO 27001, SOX, CSA CCM) into engineering-enforceable technical control architectures.
  • Hands-on experience conducting and leading:
      • Threat modeling (STRIDE, PASTA, attack trees, misuse cases)
      • Secure code reviews (Python, Go, Rust, C/C++, Lua, Shell)
      • API and microservice security reviews (OAuth2/OIDC, mTLS, JWT, ABAC/RBAC)
  • Strong communication and influence skills—capable of evangelizing secure architecture to VP-level business leaders, product strategists, and engineering leaders.

Nice To Haves

  • Experience defining and leading security capability roadmaps, influencing long-term strategy for platform hardening, secure edge architecture, supply chain resilience, and incident-driven control improvements.
  • Relevant certifications desirable (AWS Security Specialty, CISSP-ISSAP, GIAC-GDSA/GCSA, CCSP, OSCP), but hands-on architectural experience outweighs certifications.

Responsibilities

  • Serve as the technical security architecture authority, partnering with product architects, principal engineers, cloud partners (AWS, Azure, GCP, OCI), and business leaders to embed secure-by-design principles into hardware appliances, multi-tenant SaaS platforms, and globally distributed cloud infrastructure.
  • Architect end-to-end security controls and trust boundaries across hybrid infrastructure—firmware and appliance platforms (TPM, secure boot, supply chain), Kubernetes-based microservices, APIs, control-plane services, and multi-cloud SaaS environments with high availability and resilience.
  • Lead the creation and enforcement of security reference architectures and reusable design patterns, covering Zero Trust, confidential computing, data protection, SBOM/SLSA-based supply chain integrity, workload identity, runtime security (eBPF), and API authn/authz protections.
  • Drive and institutionalize architectural threat modeling (STRIDE, PASTA, attack trees, misuse cases) at the feature, platform, and system levels—directly shaping secure designs before code is written.
  • Architect secure implementations of DNS, DHCP, IPAM (DDI) and high-scale network-centric services, ensuring resilience to poisoning, tunneling, spoofing, DDoS, query amplification, misconfiguration, and protocol misuse.
  • Define and integrate security control points throughout CI/CD and platform engineering workflows, using Policy-as-Code, IaC scanning, security validation hooks, attestation requirements, and automated enforcement at deployment gates.
  • Design, build, and scale security automation and orchestration capabilities using Python/Go, serverless, event-driven frameworks, OPA/Kyverno, and CI/CD integrations to reduce manual toil and accelerate secure delivery.
  • Advise and influence engineering and architecture teams through design reviews, secure coding workshops, and architecture governance, shaping long-term technical roadmaps and product direction.
  • Drive adoption of CNAPP, CWPP, WAF, service mesh security, API gateways, SIEM/SOAR, and cloud-native telemetry for protective monitoring, runtime defense, and incident-ready detection.
  • Translate regulatory and compliance requirements (FedRAMP, SOC2, ISO 27001, NIST SP 800-53, CSA CCM, SOX) into actionable, measurable, and auditable technical security control objectives—shifting from audit-driven to architecture-driven alignment.
  • Act as a security culture amplifier, mentoring architects and senior engineers, building a broader security-minded engineering community, and elevating the technical bar across the organization.

Benefits

  • Comprehensive health coverage, generous PTO, and flexible work options
  • Learning opportunities, career-mobility programs, and leadership workshops
  • Sixteen paid volunteer hours each year, global employee resource groups, and a “No Jerks” policy that keeps collaboration healthy
  • Modern offices with EV charging, healthy snacks (and the occasional cupcake), plus hackathons, game nights, and culture celebrations
  • Charitable Giving Program supported by Company Match

What This Job Offers

  • Job Type: Full-time
  • Career Level: Principal
  • Education Level: No Education Listed
  • Number of Employees: 1,001-5,000 employees
