Product Security Architect

About The Position

Requirements

• Bachelor's degree in engineering, computer science, information technology or similar field with 14 years of experience in software development, security engineering, and/or compliance.
• Master’s Degree is preferred and 12 years of related experience.
• Preferred is a certified security professional (CSSLP, CISM, CISSP, CEH, or similar).
• Direct experience mobilizing one or more security standards/certifications/models like OWASP SAMM, IEC 62443, ISO 21434, NIST 800-218, FIPS 140-3, DISA STIG, Common Criteria, CMMC, FedRamp, etc.
• Practical experience with the NIST 800 series of security standards, including 800-53, 800-171, and others.
• Experience mobilizing secure software development techniques across an organization such as training, workshops, or similar.
• Demonstrated experience using agile techniques and frameworks to deliver secure software.
• Excellent verbal and written, management level and customer communication skills.
• This position will perform work that the U.S. government has specified can only be performed by a U.S. citizen on U.S. soil, and therefore any offer will be contingent upon verification of both of these requirements.

Nice To Haves

• Preferred experience with the European Union (EU) security regulatory environment including the Cyber Resilience Act (CRA).
• Preferred experience with national security systems and standards (CNSS, etc.).
• Preferred working knowledge of risk management frameworks and risk-based secure software development.
• Preferred experience with AI and Machine learning and their governance and provenance in a secure software development environment.
• Preferred working knowledge of related quality and safety assurance standards such as ASPICE, ISO 26262, or DO-178C.

Responsibilities

• Work and collaborate with customer, product, engineering, and operations teams to ensure high levels of product security trust with a scalable, compliance-driven mindset, across all products
• Architect the product security trust roadmap and scale the compliance framework to meet emerging and future business priorities.
• Empower product security compliance frameworks across engineering and aligned to the CTO Office, Product Management, IT, Legal, InfoSec, and SecOps.
• Empower product security champions throughout product engineering.
• Manage customer product security trust and compliance.
• Training, mentoring, and supporting development teams to follow secure development values, principles, and practices.
• Direct experience with product security assurance techniques including Threat Modeling, Security Testing, Vulnerability Management, Software Composition, etc.
• Experience in software engineering models and techniques.
• Experience empowering security compliance broadly across an organization.
• Broad-based experience with global security regulations, frameworks, and standards.
• Exposure to customer compliance and remediations (Questionnaire’s, Audits, Contracts, etc.)
• Ability to analyze and think quickly and to resolve conflict.
• Strong communication, interpersonal, and mentoring skills.
• Ability to work effectively across the organization.
• Ability to adapt to a changing environment.

Benefits

• Hybrid work model for workplace flexibility
• Comprehensive health, dental, and life insurance
• Short and long-term disability coverage
• RRSP matching for financial security
• Flexible time-off policies for work-life balance
• Employee assistance program for mental well-being
• Learning benefits, including a LinkedIn Learning subscription and seminars