In this role, you'll ensure our ML/AI platform remains secure while driving innovation within our research team.
As a Product Security Architect, you will:
- Design secure systems and conduct threat modeling for new and existing features.
- Review, identify, and mitigate security risks at the architecture, application, and infrastructure levels.
- Perform regular security assessments and audits to identify vulnerabilities and ensure compliance with security standards.
- Develop, maintain, and audit information security policies and guidelines.
- Actively influence the product and services roadmap and security implementation.
- Continually improve Secure Development Lifecycle (SDLC) practices within R&D and Product units.
- Integrate security best practices into CI/CD pipelines and development workflows.
- Ensure the effectiveness of processes and controls to meet multiple standards, regulations, and audits, such as ISO27001, PCI-DSS, and more.
- Provide guidance and mentorship to development teams on secure coding practices and security principles.
- Collaborate with cross-functional teams, including developers, product managers, DevOps and more, to ensure security is integrated into all aspects of R&D.
- Communicate security risks and recommendations to technical and non-technical stakeholders effectively.
- Review new tools and processes to detect security threats.
- For management review, generate regular reports on security posture, vulnerabilities, and compliance status.
You should apply if you have:
- 8+ years of experience in Information Security.
- Extensive experience in designing, implementing, and managing security architectures for complex applications.
- Deep understanding of application security principles, frameworks, and standards (e.g., OWASP, NIST).
- Strong knowledge of authentication, authorization, encryption, and other security protocols.
- Hands-on experience designing and building secure web/mobile applications, systems, or networks.
- Familiarity with security methodologies and industry standards (e.g., ISO27001, PCI-DSS, GDPR).
- Proficiency in secure software development practices, including Secure Software Development Life Cycle (SSDLC) and DevSecOps practices.
- Experience securing Cloud environments (AWS, GCP, and/or Azure) and networks.
- Ability to conduct risk assessments, threat modeling, and vulnerability assessments.
- Experience in conducting security reviews, code audits, and threat modeling during the development process.
- Excellent communication skills, both written and verbal, to effectively convey security concepts to technical and non-technical stakeholders.
- Proven leadership skills with the ability to mentor and guide security team members.
- Strong collaboration skills to work with cross-functional teams, including developers, product managers, and DevOps.