Jobs · Art & Creative · Texas

Principal Architect, Product Security

Infoblox · Texas, United States · 6 days ago
HybridArt & Creative$195k–$300k/yrFull-time

Principal Architect, Product Security

Serve as the security architecture authority within the architecture organization, partnering with product architects, principal engineers, cloud partners (AWS, Azure, GCP, OCI), and business leaders to embed secure-by-design principles into hardware appliances, multi-tenant SaaS platforms, and globally distributed cloud infrastructure.

  • Architect end-to-end security controls and trust boundaries across hybrid infrastructure—firmware and appliance platforms (TPM, secure boot, supply chain), Kubernetes-based microservices, APIs, control-plane services, and multi-cloud SaaS environments with high availability and resilience.
  • Lead the creation and enforcement of security reference architectures and reusable design patterns, covering Zero Trust, confidential computing, data protection, SBOM/SLSA-based supply chain integrity, workload identity, runtime security (eBPF), and API authn/authz protections.
  • Drive and institutionalize architectural threat modeling (STRIDE, PASTA, attack trees, misuse cases) at the feature, platform, and system levels—directly shaping secure designs before code is written.
  • Architect secure implementations of DNS, DHCP, IPAM (DDI) and high-scale network-centric services, ensuring resilience to poisoning, tunneling, spoofing, DDoS, query amplification, misconfiguration, and protocol misuse.
  • Define and integrate security control points throughout CI/CD and platform engineering workflows, using Policy-as-Code, IaC scanning, security validation hooks, attestation requirements, and automated enforcement at deployment gates.
  • Lead and influence architecture reviews and governance forums, shaping long-term technical roadmaps and product direction to meet security and reliability objectives.
  • Drive adoption of CNAPP, CWPP, WAF, service mesh security, API gateways, SIEM/SOAR, and cloud-native telemetry for protective monitoring, runtime defense, and incident-ready detection.
  • Translate regulatory and compliance requirements (FedRAMP, SOC2, ISO 27001, NIST SP 800-53, CSA CCM, SOX) into actionable, measurable, and auditable security architecture control objectives—shifting from audit-driven to architecture-driven alignment.
  • Act as a security culture amplifier, mentoring architects and senior engineers, building a broader security-minded engineering community, and elevating the technical bar across the organization.

Required Experience:

  • 15+ years of Security Engineering and Architecture experience, including principal- or architect-level leadership designing secure SaaS, appliance-based, or cloud-native platforms at global scale.
  • Proven ability to architect secure multi-cloud (AWS, GCP, Azure, OCI) platforms, including identity federation, VPC/network isolation, workload identity, secrets lifecycle, and secure control-plane design.
  • Deep expertise in securing: Container and Kubernetes ecosystems (EKS, GKE, AKS, Istio, Envoy, Pod Security, eBPF, runtime protection), Infrastructure-as-Code and platform engineering workflows (Terraform, Helm, CloudFormation, Kustomize, Pulumi), Protocol-heavy systems (DNS, DHCP, IPAM / DDI architecture, control-plane security, service segmentation, and abuse prevention).
  • Strong knowledge of secure architecture patterns, including Zero Trust, secure edge computing, secure boot, TPM, firmware integrity, remote attestation, confidential computing, and supply chain integrity (SBOM, SLSA, SCVS).
  • Strong track record of architecting and implementing security automation, using language fluency in Python, Go, Rust, or Shell to build scalable tools, runtime validation frameworks, and detection/response integrations.
  • Demonstrated experience translating compliance frameworks (FedRAMP High, SOC2, NIST 800-53, ISO 27001, SOX, CSA CCM) into engineering-enforceable technical control architectures.
  • Hands-on experience conducting and leading: Threat modeling (STRIDE, PASTA, attack trees, misuse cases), Secure code reviews (Python, Go, Rust, C/C++, Lua, Shell), API and microservice security reviews (OAuth2/OIDC, mTLS, JWT, ABAC/RBAC).
  • Experience defining and leading security capability roadmaps, influencing long-term strategy for platform hardening, secure edge architecture, supply chain resilience, and incident-driven control improvements.
  • Strong communication and influence skills—capable of evangelizing secure architecture to VP-level business leaders, product strategists, and engineering leaders.

Desired Certifications:

  • AWS Security Specialty
  • CISSP-ISSAP
  • GIAC-GDSA/GCSA
  • CCSP
  • OSCP

Similar jobs