Product Security and Privacy Architect
HID · Austin, TX · 1 wk ago
Engineering$140k/yrFull-time
About the role
As part of the Product Security and Privacy team, reporting to the Chief Product Security & Privacy Architect, you will support product teams in adopting and implementing HID’s security and privacy program.
Responsibilities
- Leading day-to-day security/privacy architecture governance, escalating and obtaining approval from the Chief Product Security & Privacy Architect as required.
- Defining corporate wide security and privacy requirements, controls, and standards.
- Defining corporate wide Secure Coding, third-party, deployment policies & other architecture-related standards.
- Defining required training content.
- Defining paved roads/security and privacy-by-design patterns and libraries.
- Leading development of AI-enabled PSP Architecture capabilities: define use cases, requirements, and success criteria.
- Owning the threat modeling framework and quality bars.
- Running/approving security & privacy architecture reviews.
- Leading audit/assessment planning, evidence of expectations, and defensibility.
- Being responsible for tooling selection and integration related to security & privacy architecture domain.
- Architecting compliance, analyzing new regulations and standards to identify gaps in the platform's capabilities, standards, and controls.
- Assessing New Acquisitions Architecture and contributing to due diligence on a needed basis.
- Providing recommendations for risk acceptance and exception requests.
- Providing input on tooling strategy and integration guidance for non-architecture related domains.
- Providing guidance on security requirements for supply chain tooling, pipeline architecture, and associated standards.
- Validating that platform architecture enables enforcement of PSP security controls.
- Providing expert input on exploitability, attack paths, and mitigation options during Incident handling process.
- Providing guidance on true risk vs noise for security tool outputs and penetration tests.
- Providing subject-matter depth during training delivery: advanced Q&A, edge cases, Offer office hours or follow-ups for complex topics.
Requirements
- Master's Degree, computer science, or similar qualifications.
- At least 3 years in software/product security, application security, or security architecture.
- At least 7 years of hands-on software engineering / QA / DevOps earlier in career (or equivalent).
- At least one security or privacy certification (CISSP, CIPT, CSSLP, CEH, ...) is a plus.
- Proven ownership of at least one of: threat modeling program, secure design review governance, audit evidence management, security tooling strategy, penetration testing program or similar.
- Experience contributing to at least one Secure Software Development Lifecycle (SSDL) program, either as a security architect, security champion, or similar role.
- Working knowledge of general principles of application security.
- Working knowledge of threat modeling principles.
- Working Knowledge of security standards (OWASP, ISO, NIST, ...).
- Knowledge of security regulations, such as the Radio Equipment Directive (RED), Cyber Resilience Act (CRA), Federal Information Processing Standards (FIPS), and Common Criteria (CC) or equivalent.
- Good understanding of cryptographic principles, including algorithms, key management, and protocols.
- Experience using security tools (SAST, DAST, SCA, Vulnerability Scanners, Secret Scanners).
- Hands-on experience in at least one, preferably more, of these application domains: - Embedded device Security - Mobile security - Web & API security - Desktop security.
- Experience with Agile/SAFe Methodology is preferred.
- Experience with usage of AI tools in the context of a security program is preferred.
- Cloud infrastructure, Supply Chain, and deployment Security is preferred.
Qualifications
- Master's Degree, computer science, or similar qualifications.
- At least 3 years in software/product security, application security, or security architecture.
- At least 7 years of hands-on software engineering / QA / DevOps earlier in career (or equivalent).
- At least one security or privacy certification (CISSP, CIPT, CSSLP, CEH, ...) is a plus.
- Proven ownership of at least one of: threat modeling program, secure design review governance, audit evidence management, security tooling strategy, penetration testing program or similar.
- Experience contributing to at least one Secure Software Development Lifecycle (SSDL) program, either as a security architect, security champion, or similar role.
- Working knowledge of general principles of application security.
- Working knowledge of threat modeling principles.
- Working Knowledge of security standards (OWASP, ISO, NIST, ...).
- Knowledge of security regulations, such as the Radio Equipment Directive (RED), Cyber Resilience Act (CRA), Federal Information Processing Standards (FIPS), and Common Criteria (CC) or equivalent.
- Good understanding of cryptographic principles, including algorithms, key management, and protocols.
- Experience using security tools (SAST, DAST, SCA, Vulnerability Scanners, Secret Scanners).
- Hands-on experience in at least one, preferably more, of these application domains: - Embedded device Security - Mobile security - Web & API security - Desktop security.
- Experience with Agile/SAFe Methodology is preferred.
- Experience with usage of AI tools in the context of a security program is preferred.
- Cloud infrastructure, Supply Chain, and deployment Security is preferred.
Skills
- Master's Degree, computer science, or similar qualifications.
- At least 3 years in software/product security, application security, or security architecture.
- At least 7 years of hands-on software engineering / QA / DevOps earlier in career (or equivalent).
- At least one security or privacy certification (CISSP, CIPT, CSSLP, CEH, ...) is a plus.
- Proven ownership of at least one of: threat modeling program, secure design review governance, audit evidence management, security tooling strategy, penetration testing program or similar.
- Experience contributing to at least one Secure Software Development Lifecycle (SSDL) program, either as a security architect, security champion, or similar role.
- Working knowledge of general principles of application security.
- Working knowledge of threat modeling principles.
- Working Knowledge of security standards (OWASP, ISO, NIST, ...).
- Knowledge of security regulations, such as the Radio Equipment Directive (RED), Cyber Resilience Act (CRA), Federal Information Processing Standards (FIPS), and Common Criteria (CC) or equivalent.
- Good understanding of cryptographic principles, including algorithms, key management, and protocols.
- Experience using security tools (SAST, DAST, SCA, Vulnerability Scanners, Secret Scanners).
- Hands-on experience in at least one, preferably more, of these application domains: - Embedded device Security - Mobile security - Web & API security - Desktop security.
- Experience with Agile/SAFe Methodology is preferred.
- Experience with usage of AI tools in the context of a security program is preferred.
- Cloud infrastructure, Supply Chain, and deployment Security is preferred.
Benefits
- Competitive salary and rewards package
- Competitive benefits and annual leave offering, allowing for work-life balance
- A vibrant, welcoming & inclusive culture
- Extensive career development opportunities and resources to maximize your potential
- To be a part of a global organization that is pioneering the hardware, software and services that allow people to confidently navigate the physical and digital worlds
Pay
- Base salary in the United States is $140,000 USD to $160,000 USD.
Schedule
- Remote (US & Europe)