Product Security and Privacy Architect

About The Position

Requirements

• Master's Degree, computer science, or similar qualifications.
• At least 3 years in software/product security, application security, or security architecture
• At least 7 years of hands-on software engineering / QA / DevOps earlier in career (or equivalent).
• At least one security or privacy certification (CISSP, CIPT, CSSLP, CEH, ...) is a plus.
• Proven ownership of at least one of: threat modeling program, secure design review governance, audit evidence management, security tooling strategy, penetration testing program or similar.
• Experience contributing to at least one Secure Software Development Lifecycle (SSDL) program, either as a security architect, security champion, or similar role.
• Working knowledge of general principles of application security
• Working knowledge of threat modeling principles.
• Working Knowledge of security standards (OWASP, ISO, NIST, ...).
• Knowledge of security regulations, such as the Radio Equipment Directive (RED), Cyber Resilience Act (CRA), Federal Information Processing Standards (FIPS), and Common Criteria (CC) or equivalent.
• Good understanding of cryptographic principles, including algorithms, key management, and protocols.
• Experience using security tools (SAST, DAST, SCA, Vulnerability Scanners, Secret Scanners).
• Hands-on experience in at least one, preferably more, of these application domains: Embedded device Security, Mobile security, Web & API security, Desktop security.

Nice To Haves

• Experience with Agile/SAFe Methodology is preferred.
• Experience with usage of AI tools in the context of a security program is preferred.
• Cloud infrastructure, Supply Chain, and deployment Security is preferred.

Responsibilities

• Leading day-to-day security/privacy architecture governance, escalating and obtaining approval from the Chief Product Security & Privacy Architect as required.
• Defining corporate wide security and privacy requirements, controls, and standards.
• Defining corporate wide Secure Coding, third-party, deployment policies & other architecture-related standards.
• Defining required training content.
• Defining paved roads/security and privacy-by-design patterns and libraries.
• Leading development of AI-enabled PSP Architecture capabilities: define use cases, requirements, and success criteria.
• Owning the threat modeling framework and quality bars.
• Running/approving security & privacy architecture reviews.
• Leading audit/assessment planning, evidence of expectations, and defensibility.
• Being responsible for tooling selection and integration related to security & privacy architecture domain.
• Architecting compliance, analyzing new regulations and standards to identify gaps in the platform's capabilities, standards, and controls.
• Assessing New Acquisitions Architecture and contributing to due diligence on a needed basis.
• Providing recommendations for risk acceptance and exception requests.
• Providing input on tooling strategy and integration guidance for non-architecture related domains.
• Providing guidance on security requirements for supply chain tooling, pipeline architecture, and associated standards.
• Validating that platform architecture enables enforcement of PSP security controls.
• Providing expert input on exploitability, attack paths, and mitigation options during Incident handling process.
• Providing guidance on true risk vs noise for security tool outputs and penetration tests.
• Providing subject-matter depth during training delivery: advanced Q&A, edge cases, Offer office hours or follow-ups for complex topics

Benefits

• Competitive salary and rewards package
• Competitive benefits and annual leave offering, allowing for work-life balance
• A vibrant, welcoming & inclusive culture
• Extensive career development opportunities and resources to maximize your potential
• To be a part of a global organization that is pioneering the hardware, software and services that allow people to confidently navigate the physical and digital worlds