Product Security Architect

About The Position

Requirements

• 7+ years in Product Security, Application Security, Security Architecture, or Software Security Engineering
• Deep, practical experience with threat modeling, attack surface analysis, secure design reviews, and architecture risk analysis at scale, not just in theory
• Strong understanding of cloud-native systems, APIs, endpoint agents, thick clients, and identity/security platforms
• Hands-on experience using LLM platforms (Claude, OpenAI, or similar) in engineering or security workflows. We'll ask you how you've used them and what you've learned about where they work and where they don't
• Ability to influence engineering and product teams. You should not have a mindset to block releases but to be persuasive, credible, and practical
• Builder mindset, you've created scalable security workflows, frameworks, or enablement programs, not just consumed them

Nice To Haves

• Experience building AI-native security workflows, plugins, agents, or developer tooling
• Background in securing endpoint technologies, identity systems, or enterprise security platforms
• Offensive security experience or adversarial testing background, understanding how attackers think sharpens everything else
• Cloud security experience across AWS, Azure, or Kubernetes environments

Responsibilities

• Lead threat modeling, attack surface analysis, and secure design reviews across products, platform services, endpoint agents, and cloud-native systems. The goal isn't producing threat model documents but recommending architectural decisions that eliminate unnecessary exposure and working with engineering to change them.
• Use LLM platforms (Claude, OpenAI) as core tools to scale threat analysis, abuse-case generation, architecture review, and remediation guidance. Build and refine prompts, plugins, skills, and agent workflows that make the team faster and more consistent. You'll be extending an existing AI-first practice, not building one from scratch.
• Work directly with engineering teams to embed secure-by-default patterns into product development. This means being present in design reviews, proposing concrete alternatives when you identify risk, and building self-service security capabilities (playbooks, reusable patterns, automated workflows) that let engineers make secure decisions without waiting on us.
• Own and expand the Product Security handbook that inferences product context from multiple sources and leverage it for enforcing secure design standards, architecture guidance, and engineering best practices. The handbook is a living system that feeds our AI workflows, not a static wiki nobody reads.
• Mentor Product Security Engineers and Security Champions on secure design, attack surface reduction, and AI-first security workflows. Help engineers across the org develop a security-focused mindset, not just follow checklists.
• Help evolve BeyondTrust's AI-first Product Security Architecture strategy by identifying where AI workflows can replace manual processes, where they need human oversight, and where the next capability gaps are.

Benefits

• Diversity. Inclusion. They’re more than just words for us. They are the guiding values of how we build our teams, cultivate leaders, and create a culture where people feel connected.
• We take care of our employees so they can take care of our customers. Customers who come from all walks of life just like us. We hire incredible people from diverse backgrounds because when we are different together, we are stronger together.