Principal Technologist - Product Security

About The Position

Requirements

• 15+ years in cloud/platform engineering, embedded systems, or cybersecurity with deep architectural ownership.
• Expertise in product security, including threat modeling, secure architecture, and vulnerability management.
• Strong knowledge of: Kubernetes Security Hardening - RBAC, Secrets, Encryption, Security Policies.
• Strong knowledge of: Certificate Management, PKI, EJBCA, cert-manager.
• Strong knowledge of: Authentication mechanisms: OIDC, LDAP, Active Directory.
• Strong knowledge of: Linux internals, kernel security, container hardening and breakout protection.
• Strong knowledge of: Practical cryptography algorithms and application.
• Strong knowledge of: Hardware root of trust (TPM, UEFI Secure Boot, Trusted Boot).
• Strong knowledge of: CIS Benchmarks for Linux and Kubernetes.
• Strong knowledge of: Virtualization technologies (KVM, QEMU, etc.).
• Strong knowledge of: Cloud networking, SDN/NFV, microservices security.
• Hands-on experience with CI/CD security, SAST, DAST, container scanning, SBOM generation.
• Proven ability to lead complex cross‑organizational security initiatives.

Nice To Haves

• Experience with private cloud infrastructure, Titanium Cloud, or telecom / industrial - grade cloud infrastructure.
• Background in telco (5G), aerospace/defense, industrial IoT, or other safety/security‑critical domains.
• Familiarity with Yocto, embedded Linux, RTOS environments.
• Participation in open-source security initiatives or upstream kernel/cloud projects.
• Advanced degree in Computer Science, Electrical Engineering, Cybersecurity, or similar field.

Responsibilities

• Define and evolve the security architecture for Wind River Private Cloud Platform, including control plane components, hypervisors, networking stacks, and orchestration frameworks.
• Lead threat modeling, security risk assessments, and mitigation strategies across distributed cloud/edge environments.
• Establish platform security requirements, secure design patterns, and architectural principles.
• Detailed architecture and design definition of individual product security features.
• Providing direction and specific requirement input to development teams.
• Working with business team and customers to define/clarify requirements.
• Evaluating and proposing technology choices.
• Drive secure-by-default configurations across compute, storage, networking, and platform services.
• Own the security roadmap for the platform, ensuring alignment with industry standards (NIST, CIS, FIPS, etc.).
• Oversee vulnerability management, secure boot, runtime integrity measures, API security, and cryptographic services.
• Partner with product, engineering, and QA teams to embed security throughout SDLC (shift‑left security).
• Serve as the top technical expert and advisor for product security across cloud, containerization, virtualization, and real‑time/edge systems.
• Mentor senior engineers and influence engineering directors and executives on cybersecurity tradeoffs and priorities.
• Represent the organization in security reviews, customer briefings, escalations, and cross-functional technical committees.
• Guide secure deployment patterns and operational security practices for private cloud customers.
• Support incident investigation, root‑cause analysis, and remediation for platform-level vulnerabilities.
• Define and enforce policies for SBOM, supply chain integrity, CI/CD security, and secure artifact distribution.
• Collaborate with teams across Wind River Studio ecosystem (edge platform, analytics, DevSecOps tooling).
• Represent Wind River in standards bodies and industry working groups (ETSI, CNCF, Linux Foundation, etc.).
• Partner with customer engineering teams on secure deployment architectures for telecom and mission‑critical environments.