Product Security Architect
Location: Raleigh, North Carolina
Compensation: >Mid $100s
Education: BA/BS, Masters Appreciated
Certifications: CISSP, CSSLP, CSSP or similar appreciated
What’s In It For You?
SecurityRecruiter.com has been retained by a Global Fortune 500 company to identify and recruit a high-level Product Security Architect. This role is a new role reporting to a hiring decision maker who is known in the company for getting things done that had never been done before. You’ll work in a role where it is unlikely that you’ll face the same tasks every day. Opportunities for learning are exponential. The work you’ll do could have a significant impact not only on my client’s organization but across an entire industry.
This position could provide you with significant career growth in the realm of product security architecture. If your aspirations are different than continuing on as a security architect, this role could be pointed in the direction of leadership for the right candidate. There is flexibility on the part of our client to lean this role in the direction that best fits the chosen candidate.
You will provide technical security leadership to industry partners, suppliers, global product development teams and to business leadership. You’ll be helping this company to expand its depth and breadth of product security capabilities aligned with its product growth strategy.
You will serve as a subject matter expert in the realm of product security as you collaborate with cross-functional teams to align security solutions with evolving product development needs. You will research, design, develop, and implement software, firmware, and product security best practices, policies, requirements, standards, architectures, tools, procedures and more.
Do You Fit?
- This role requires a BA/BS plus 10+ years of diverse experience that includes network, application and system security. You will have prior experience in architecting secure products and solutions. Your experience will include analyzing existing security architectures to identify deficiencies that could be improved upon, creating security architectures from scratch and analyzing threats to stay abreast of future security architecture strategies.
- A CISSP, CSSLP, CSSP or similar certification is preferred.
- In addition to deep technical security architecture skills, you’ll be required to demonstrate collaborative and team building interpersonal skills. This role will place you in front of many audiences that are not as deeply security skilled as you are. You need to possess sound self-awareness to understand how you’re coming across to partners, suppliers, and customers when you interact with them. You need to demonstrate sound emotional intelligence.
- This role could accommodate security architecture skills coming from any of the following angles: Secure Software Development Life Cycle, Cloud Security Architecture or Systems, and Network Integration.
- You’ll demonstrate experience in performing security assessments, security baseline analysis, security requirements, architectural reviews, threat modeling and providing final reviews and recommendations.
- Your background will include experience in operating system hardening, attack surface reduction, protection rings, cryptography, static analysis, least privilege, dynamic analysis, fuzzing, CWE, CVSS, OWASP, SANS, etc.
- You will be able to clearly articulate understanding of at least one of the following security standards: NIST SP800-series, FIPS 140-2, NIST Cybersecurity, Common Criteria, FISMA/FedRAMP, ISO 27000, PCI-DSS, CIS Benchmarks and/or similar.
Required technical skills include
- TCP/IP, TCP, UDP, ICMP, DNS, HTTP, SSH and experience with Windows and Linux.
- Additional preferred technical skills include Cloud Services, Network Storage Solutions, Operating Systems, Firmware, Securing Embedded Systems, Penetration Testing, Vulnerability Assessments, Reverse Engineering, experience with tools such as Burp, Suite pro, Kali, Metasploit, Nmap, Nessus, IDA Pro and similar.
- You’ll closely fit this role if you’ve worked with supply chain security in environments that were globally and culturally diverse.
- A detailed corporate job description will be supplied to qualified candidates.
As an agent of our client, we and our client are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and the basis of disability or any other federal, state or local protected class.