Jobs · Engineering · Texas

Product Security and Privacy Architect

HID · Austin, TX · 1 wk ago
Engineering$140k/yrFull-time

About the role

As part of the Product Security and Privacy team, reporting to the Chief Product Security & Privacy Architect, you will support product teams in adopting and implementing HID’s security and privacy program.

Responsibilities

  • Leading day-to-day security/privacy architecture governance, escalating and obtaining approval from the Chief Product Security & Privacy Architect as required.
  • Defining corporate wide security and privacy requirements, controls, and standards.
  • Defining corporate wide Secure Coding, third-party, deployment policies & other architecture-related standards.
  • Defining required training content.
  • Defining paved roads/security and privacy-by-design patterns and libraries.
  • Leading development of AI-enabled PSP Architecture capabilities: define use cases, requirements, and success criteria.
  • Owning the threat modeling framework and quality bars.
  • Running/approving security & privacy architecture reviews.
  • Leading audit/assessment planning, evidence of expectations, and defensibility.
  • Being responsible for tooling selection and integration related to security & privacy architecture domain.
  • Architecting compliance, analyzing new regulations and standards to identify gaps in the platform's capabilities, standards, and controls.
  • Assessing New Acquisitions Architecture and contributing to due diligence on a needed basis.
  • Providing recommendations for risk acceptance and exception requests.
  • Providing input on tooling strategy and integration guidance for non-architecture related domains.
  • Providing guidance on security requirements for supply chain tooling, pipeline architecture, and associated standards.
  • Validating that platform architecture enables enforcement of PSP security controls.
  • Providing expert input on exploitability, attack paths, and mitigation options during Incident handling process.
  • Providing guidance on true risk vs noise for security tool outputs and penetration tests.
  • Providing subject-matter depth during training delivery: advanced Q&A, edge cases, Offer office hours or follow-ups for complex topics.

Requirements

  • Master's Degree, computer science, or similar qualifications.
  • At least 3 years in software/product security, application security, or security architecture.
  • At least 7 years of hands-on software engineering / QA / DevOps earlier in career (or equivalent).
  • At least one security or privacy certification (CISSP, CIPT, CSSLP, CEH, ...) is a plus.
  • Proven ownership of at least one of: threat modeling program, secure design review governance, audit evidence management, security tooling strategy, penetration testing program or similar.
  • Experience contributing to at least one Secure Software Development Lifecycle (SSDL) program, either as a security architect, security champion, or similar role.
  • Working knowledge of general principles of application security.
  • Working knowledge of threat modeling principles.
  • Working Knowledge of security standards (OWASP, ISO, NIST, ...).
  • Knowledge of security regulations, such as the Radio Equipment Directive (RED), Cyber Resilience Act (CRA), Federal Information Processing Standards (FIPS), and Common Criteria (CC) or equivalent.
  • Good understanding of cryptographic principles, including algorithms, key management, and protocols.
  • Experience using security tools (SAST, DAST, SCA, Vulnerability Scanners, Secret Scanners).
  • Hands-on experience in at least one, preferably more, of these application domains: - Embedded device Security - Mobile security - Web & API security - Desktop security.
  • Experience with Agile/SAFe Methodology is preferred.
  • Experience with usage of AI tools in the context of a security program is preferred.
  • Cloud infrastructure, Supply Chain, and deployment Security is preferred.

Qualifications

  • Master's Degree, computer science, or similar qualifications.
  • At least 3 years in software/product security, application security, or security architecture.
  • At least 7 years of hands-on software engineering / QA / DevOps earlier in career (or equivalent).
  • At least one security or privacy certification (CISSP, CIPT, CSSLP, CEH, ...) is a plus.
  • Proven ownership of at least one of: threat modeling program, secure design review governance, audit evidence management, security tooling strategy, penetration testing program or similar.
  • Experience contributing to at least one Secure Software Development Lifecycle (SSDL) program, either as a security architect, security champion, or similar role.
  • Working knowledge of general principles of application security.
  • Working knowledge of threat modeling principles.
  • Working Knowledge of security standards (OWASP, ISO, NIST, ...).
  • Knowledge of security regulations, such as the Radio Equipment Directive (RED), Cyber Resilience Act (CRA), Federal Information Processing Standards (FIPS), and Common Criteria (CC) or equivalent.
  • Good understanding of cryptographic principles, including algorithms, key management, and protocols.
  • Experience using security tools (SAST, DAST, SCA, Vulnerability Scanners, Secret Scanners).
  • Hands-on experience in at least one, preferably more, of these application domains: - Embedded device Security - Mobile security - Web & API security - Desktop security.
  • Experience with Agile/SAFe Methodology is preferred.
  • Experience with usage of AI tools in the context of a security program is preferred.
  • Cloud infrastructure, Supply Chain, and deployment Security is preferred.

Skills

  • Master's Degree, computer science, or similar qualifications.
  • At least 3 years in software/product security, application security, or security architecture.
  • At least 7 years of hands-on software engineering / QA / DevOps earlier in career (or equivalent).
  • At least one security or privacy certification (CISSP, CIPT, CSSLP, CEH, ...) is a plus.
  • Proven ownership of at least one of: threat modeling program, secure design review governance, audit evidence management, security tooling strategy, penetration testing program or similar.
  • Experience contributing to at least one Secure Software Development Lifecycle (SSDL) program, either as a security architect, security champion, or similar role.
  • Working knowledge of general principles of application security.
  • Working knowledge of threat modeling principles.
  • Working Knowledge of security standards (OWASP, ISO, NIST, ...).
  • Knowledge of security regulations, such as the Radio Equipment Directive (RED), Cyber Resilience Act (CRA), Federal Information Processing Standards (FIPS), and Common Criteria (CC) or equivalent.
  • Good understanding of cryptographic principles, including algorithms, key management, and protocols.
  • Experience using security tools (SAST, DAST, SCA, Vulnerability Scanners, Secret Scanners).
  • Hands-on experience in at least one, preferably more, of these application domains: - Embedded device Security - Mobile security - Web & API security - Desktop security.
  • Experience with Agile/SAFe Methodology is preferred.
  • Experience with usage of AI tools in the context of a security program is preferred.
  • Cloud infrastructure, Supply Chain, and deployment Security is preferred.

Benefits

  • Competitive salary and rewards package
  • Competitive benefits and annual leave offering, allowing for work-life balance
  • A vibrant, welcoming & inclusive culture
  • Extensive career development opportunities and resources to maximize your potential
  • To be a part of a global organization that is pioneering the hardware, software and services that allow people to confidently navigate the physical and digital worlds

Pay

  • Base salary in the United States is $140,000 USD to $160,000 USD.

Schedule

  • Remote (US & Europe)

Similar jobs