Job Description

Job Summary (List Format): Information Security Architect
- Lead security architecture design for both cloud-native and on-premise product deployments.
- Conduct and drive threat modeling (using SD Elements, STRIDE, PASTA, etc.) to identify and address design risks.
- Integrate and enforce security in DevSecOps processes, including CI/CD automation, SAST/DAST, container scanning, IaC security, and secrets management.
- Define, implement, and maintain security patterns, controls, and reference architectures for product teams.
- Perform secure design reviews, risk assessments, and recommend/implement mitigation strategies.
- Review software designs, code, third-party libraries, and cloud configurations for security compliance.
- Collaborate with product, engineering, QA, and DevOps teams to embed security early in the development lifecycle.
- Provide subject matter expertise, training, and guidance on security best practices.
- Monitor emerging security threats, vulnerabilities, and tools relevant to product security.
- Partner with governance, risk, and compliance teams to support audits and alignment with standards (ISO 27001, NIST, OWASP).
Required Qualifications:
- 6+ years of experience in information security architecture/product security roles.
- Hands-on experience in vulnerability analysis, secure architecture, and design reviews.
- Experience securing CI/CD pipelines and using security tools (SAST/DAST, container scanning, secrets detection).
- Proven skills in threat modeling and security frameworks (SD Elements, STRIDE, PASTA).
- Mandatory CISSP certification.
- Strong cross-functional collaboration and communication skills.
Preferred Skills:
- Experience with cloud security architecture (AWS, Azure, GCP).
- Familiarity with SD Elements platform.
- Skills in secure infrastructure-as-code (Terraform, CloudFormation).
- Exposure to agile DevSecOps practices and related tooling.
- Additional certifications (CCSP, CSA CCSK, CISM, etc.).

Skills Required