Principal Security Architect, Cloud & Infrastructure
Cambridge Mobile Telematics · Massachusetts, United States · 1 wk ago
HybridInformation TechnologyFull-time
About the role
Help us make the world's roads and drivers safer.
CMT is hiring a Principal Security Architect I, Cloud & Infrastructure to own the security architecture of CMT's products, from mobile SDKs and APIs to the services that power our platform. This role requires setting the technical direction for product security and influencing engineering teams to deliver secure solutions.
Responsibilities
- Own the end-to-end security architecture for CMT's products, including mobile SDKs, backend services, APIs, data pipelines, and partner integrations
- Define security standards, reference architectures, and engineering guardrails, and drive adoption across teams
- Embed security into the SDLC through threat modeling, secure design reviews, and actionable engineering requirements
- Lead threat modeling and translate findings into prioritized engineering work
- Define application security strategy for testing, secure coding, secrets management, and software supply chain security
- Own security architecture for protecting sensitive driver and location data
- Define security architecture and guardrails for AI/ML features and AI development tools
- Own the AppSec and Product Security roadmap, including technology strategy and prioritization
- Serve as the senior security authority for architecture reviews, risk decisions, and technical guidance
- Support customer and partner security reviews and mentor engineers on secure design
- Complete any additional tasks as they arise
Qualifications
- Bachelor’s degree or equivalent years of experience and/or certification in a related field
- 7+ years of experience in security, with deep, hands-on expertise in application and product security architecture
- Proven ability to provide technical leadership and drive security initiatives through influence
- Strong software engineering foundation with experience reviewing code and system architecture
- Deep knowledge of threat modeling, secure SDLC, OWASP, authentication, cryptography, API security, and mobile security
- Experience securing products that process sensitive personal data and support regulatory requirements
- Working knowledge of AI/ML and LLM security, including secure AI adoption
Nice to Haves
- Experience with mobile SDK security, reverse engineering, and anti-tampering
- Familiarity with data-intensive architectures and ML-driven products
- Experience developing AI governance or secure AI adoption programs
- Experience in telematics, IoT, connected vehicles, fintech, or other high-trust industries
- Relevant certifications such as CSSLP, OSCP, or GWEB