Principal Product Security Architect

Technical and operational excellence, thought leadership, and integrative thinking.

• Expert knowledge and practical product and software security experience, including secure SDLC practices, security and privacy by design architectures, and secure by default configurations.
• Strong problem-solving skills to analyze cybersecurity issues and requirements (legal/regulatory, policy, customer, industry standards) and relate them to appropriate security controls.
• Demonstrated ability to lead change initiatives that intelligently manage software cyber risks.
• Proven ability to deliver results using agile methodologies and tools (e.g. Scrum/Kanban, Jira).
• Understanding of agile software development and continuous integration/deployment.
• Practical experience with Linux OS, programming and scripting languages (e.g. Java, Python, Perl), and security tools (e.g. Kali, Nessus, Netsparker, openVAS, BurpSuite, Metaspolit).
• Understanding of embedded systems architectures (e.g. ARM, Cortex), embedded systems tools/emulators, RTOS/Linux, network protocols and programming languages (such as C/C++).
• Understanding of penetration testing, reverse engineering, software attack vectors, fault injection, device fingerprinting, and tamper resistance.
• Understanding TPM, Secure Boot, OTP, PKI, SPI/I2C bus analyzers, JTAG probing.
• Knowledge of current security threats and techniques for exploiting software vulnerabilities.
• Understanding of web and mobile application secure design principles such as OWASP.
• Understanding of data protection, secure cloud, and network infrastructure design principles.
• Familiarity with technology risk management related frameworks such as RMF, NIST 800-53, ISA/IEC 62443, UL CAP, ISO 27001, GDPR, CSL, CSA, SOC 2 and other comparable.
• Experience with Operational Technologies (e.g. Controls Systems, Building Management) a plus.
• Superior interpersonal, organizational, written/verbal communication, and presentation skills.
• Ability to build trust with stakeholders and explain complex security topics to all audiences.

Active participation in hackathons, cybersecurity competitions, and exercises are a plus.

• CSSLP, CISSP, CCSP, OSCP, CEH or related cybersecurity certifications.
• Bachelors degree in Cybersecurity, Computer Science, Engineering, Information Systems, or related technical degree.
• Minimum of 7 years of experience with at least 5 years in software or product cybersecurity.
• Travel is occasional at approximately 10%, including international.