Product Security Architect
AthenaPalo Alto, CA, United States1 day ago
Job type
- Full-time
Job descriptionPerform in-depth security assessments of products at the code, configuration, and architectural levels Identify security vulnerabilities, weaknesses, and gaps in existing and proposed product implementations Conduct code reviews with a focus on security, analyzing Java, Python, and React codebases for security flaws Evaluate third-party integrations, APIs, and dependencies for security risks Partner closely with development teams to integrate security controls and best practices into the software development lifecycle Work with QE teams to develop security test strategies, including penetration testing, vulnerability scanning, and security automation Provide security guidance and mentorship to engineering teams, fostering a security-first culture Translate complex security concepts into clear, actionable recommendations for technical and non-technicaål stakeholders Design and implement security controls for cloud infrastructure and services (AWS, Azure, GCP) Architect and implement IAM strategies including role-based access control (RBAC), attribute-based access control (ABAC), least privilege principles, and identity federation Design secure network architectures including VPCs, security groups, network ACLs, microsegmentation, and zero-trust network access Establish cloud configuration security standards and guardrails to prevent misconfigurations and ensure secure-by-default deployments Ensure proper implementation of cloud security best practices including data encryption (at rest and in transit), secrets management, and compliance Monitor and respond to emerging cloud security threats and vulnerabilities Establish and maintain security standards, policies, and procedures aligned with industry frameworks Support compliance efforts including SOC 2, ISO 27001, GDPR, and other relevant standards Stay current with evolving security threats, vulnerabilities, and industry best practices 8+ years of experience in information security, with at least 5 years specifically in product security architecture Proven track record as a Product Security Architect in a SaaS or cloud-based company Extensive experience with threat modeling methodologies (STRIDE, PASTA, or similar) Hands-on experience identifying and remediating security vulnerabilities in production environments Strong background working collaboratively with development and QE teams in agile environments Deep understanding of secure coding practices and common vulnerability patterns (OWASP Top 10, CWE / SANS Top 25) Proficiency in code-level security analysis across multiple languages, particularly Java, Python, and React / JavaScript Strong knowledge of cloud security architectures and services (AWS, Azure, or GCP) Expert-level knowledge of IAM principles and implementation including multi-factor authentication, single sign-on, privileged access management, service accounts, and identity lifecycle management Deep understanding of network security including firewalls, IDS / IPS, VPN, TLS / SSL, DDoS protection, API gateways, and secure network segmentation Extensive experience with cloud configuration security including infrastructure-as-code security, cloud security posture management, configuration drift detection, and automated compliance checking Experience with authentication and authorization frameworks (OAuth 2.0, OpenID Connect, SAML, JWT, RBAC, ABAC) Understanding of containerization and orchestration security (Docker, Kubernetes) Knowledge of API security, microservices architecture, and distributed systems security Familiarity with DevSecOps practices and security automation tools (SAST, DAST, SCA) CISSP (Certified Information Systems Security Professional) required Additional relevant certifications valued : Cloud security : CCSP, AWS Certified Security Specialty, Azure Security Engineer, Google Cloud Professional Security Engineer Security architecture : CSSLP, SABSA Penetration testing : CEH, OSCP, GPEN Network security : CCNP Security, GIAC certifications Experience with Infrastructure as Code (Terraform, CloudFormation) and security policy as code Knowledge of zero-trust architecture principles and implementation Experience with security incident response and vulnerability management programs Background in software development or engineering Experience with regulatory compliance frameworks and security audits Published security research, conference presentations, or contributions to open-source security projects Master's degree in Computer Science, Cybersecurity, or related field Java (enterprise application security) Python (security automation, scripting) JavaScript / React (frontend security) Additional languages a plus (Go, Rust, C / C++) SAST / DAST tools (Checkmarx, Fortify, Veracode, etc.) Vulnerability scanners and penetration testing tools Security information and event management (SIEM) platforms Cloud security posture management (CSPM) tools AWS, Azure, or Google Cloud Platform IAM services (AWS IAM, Azure AD, GCP IAM, identity federation) Network security services (VPC, Security Groups, Network ACLs, WAF, Cloud Firewall) Cloud configuration management and security scanning tools Cloud-native security services and controls (GuardDuty, Security Hub, Azure Defender, Security Command Center) Secrets management (AWS Secrets Manager, Azure Key Vault, HashiCorp Vault) Serverless architecture security CI / CD pipelines and security integration Version control systems (Git) Containerization and orchestration Agile / Scrum methodologies Strong analytical and problem-solving skills with attention to detail Excellent communication skills with the ability to influence and educate diverse audiences Self-motivated with the ability to work independently and as part of a team Passionate about security and staying ahead of emerging threats Pragmatic approach to balancing security with business needs and user experience Opportunity to shape security architecture for cutting-edge Cybersecurity SaaS products Collaborative environment with highly talented engineering teams Professional development and growth opportunities Competitive compensation and benefits package
Product Security Architect
Position Overview
We are seeking an experienced Product Security Architect to join our Security Center of Excellence team and lead security initiatives across our cloud-based SaaS product portfolio. This role requires a unique blend of deep technical expertise, architectural vision, and collaborative leadership to ensure our products are built with security at their core. The ideal candidate will work at the intersection of security, development, and product design to create robust, secure solutions that protect our customers and their data.
Key Responsibilities
Security Architecture & Design
- Design and implement comprehensive security architectures for cloud-based SaaS products, ensuring security is embedded throughout the product lifecycle
- Conduct thorough threat modeling exercises for new and existing product features, identifying potential vulnerabilities and attack vectors
- Define security requirements, patterns, and best practices for product development teams
- Review and approve architectural designs from a security perspective, providing actionable guidance and recommendations
Product Security Assessment
Collaboration & Enablement
Cloud & Infrastructure Security
Security Standards & Compliance
Required Qualifications
Experience
Technical Expertise
Certifications
Preferred Qualifications
Technical Skills
Programming & Scripting :
Security Tools & Platforms :
Cloud Platforms & Configuration :
Development & DevOps :
Personal Attributes
What We Offer
We are an equal opportunity employer and value diversity in our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Create a job alert for this search
Security Architect • Palo Alto, CA, United States
Related jobs
A leading software company is seeking an AI Security Architect to design and advise on security strategies for AI systems.
You will define the strategy and technical implementation of secure AI deve...Show moreLast updated: 20 hours ago
Imagine what you could do here! At Apple, new ideas have a way of becoming extraordinary products, services, and customer experiences very quickly.
Bring passion and dedication to your job and there...Show moreLast updated: 30+ days ago
Airtable is the no-code app platform that empowers people closest to the work to accelerate their most critical business processes.
More than 500,000 organizations, including 80% of the Fortune 100,...Show moreLast updated: 1 day ago
Verkada is a leader in cloud-based B2B physical security.Verkada offers six product lines — video security cameras, access control, environmental sensors, alarms, workplace and intercoms — integrat...Show moreLast updated: 30+ days ago
To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.
Salesforce is the #1 AI CRM, where humans with age...Show moreLast updated: 4 days ago
Senior Security Architect Job Duties : Enhances security team accomplishments and competence by planning deliv...Show moreLast updated: 30+ days ago
Federal Reserve Bank of Boston Federal Reserve Financial Services (FRFS) delivers a suite of payments services to financial institutions via FedLine Solutions, FedNow Service, Fedwire, National Set...Show moreLast updated: 4 days ago
CyberArk (NASDAQ : CYBR), is the global leader in Identity Security.Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity - human or m...Show moreLast updated: 9 hours ago
We are looking for an early‑career Security Engineer to join our Product Security team, someone who has a builder’s mindset, is eager to learn, and is excited to contribute to both planned initiati...Show moreLast updated: 2 days ago
At Palo Alto Networks® everything starts and ends with our mission : .Being the cybersecurity partner of choice, protecting our digital way of life.
Our vision is a world where each day is safer and m...Show moreLast updated: 30+ days ago Be among the first 25 applicants.Salesforce is the #1 AI CRM, where humans with agents drive customer success together.And innovation isn’t a buzzword — it’s a way of life.The world of work as we k...Show moreLast updated: 20 hours ago 
We are looking for an early-career Security Engineer to join our Product Security team, someone who has a builder’s mindset, is eager to learn, and is excited to contribute to both planned initiati...Show moreLast updated: 4 days ago
Cohesity is a leader in AI-powered data security and management.Aided by an extensive ecosystem of partners, Cohesity makes it easy to secure, protect, manage, and get value from data — across the ...Show moreLast updated: 30+ days ago
Senior Product Security Engineer.Senior Product Security Engineer.You’ll work across product, infrastructure, and data pipelines to proactively identify risks, embed security into core features, an...Show moreLast updated: 30+ days ago
Elastic, the Search AI Company, enables everyone to find the answers they need in real time, using all their data, at scale - unleashing the potential of businesses and people.The Elastic Search AI...Show moreLast updated: 1 day ago
Casca is building AGI for banking.We’re replacing decades-old legacy systems with AI-native technology that automates 90% of the manual work humans once had to do.
We're seeking a Product Security E...Show moreLast updated: 30+ days ago
Solutions Architect needed to design and deliver e-mail gateway security, specifically enhancing Phishing / SPAM protection.
Drive planning & architecture roadmap creation & serve as a technical leade...Show moreLast updated: 30+ days ago
Senior Product Security Engineer.Crusoe's mission is to accelerate the abundance of energy and intelligence.We’re crafting the engine that powers a world where people can create ambitiously with AI...Show moreLast updated: 30+ days ago
- Promoted
- New!
AI Security Architect : Secure-by-Design Leader
SalesforceSan Francisco, CA, United StatesFull-time
- Promoted
SoC Security Architect - Platform Architecture
AppleCupertino, CA, United StatesFull-time
- Promoted
Product Security Engineer
AirtableSan Francisco, CA, United StatesFull-time
- Promoted
Lead Product Manager, Threat Monitoring & Verification
VerkadaSan Mateo, California, United StatesFull-time
- Promoted
AI Security Architect
salesforce.com, inc.San Francisco, CA, United StatesFull-time
- Promoted
Senior Security Architect
TradeJobsWorkForce94163 San Francisco, CA, USFull-time
- Promoted
FedNow Senior Cyber Security Architect
Federal ReserveSan Francisco, CA, United StatesFull-time +1
- Promoted
- New!
Senior Product Security Architect - Remote
CyberArkSanta Clara, CA, United StatesRemote
Full-time
- Promoted
Product Security Engineer
CHYMSan Francisco, CA, United StatesFull-time
- Promoted
Principal Product Manager (AIOps for Network Security)
Palo Alto NetworksSanta Clara, California, United StatesFull-time
- Promoted
- New!
AI Security Architect
SalesforceSan Francisco, CA, United StatesFull-time
- Promoted
Product Security Engineer
ChimeSan Francisco, CA, United StatesFull-time
- Promoted
Senior Solution Architect - Security
CerebrasSanta Clara, CA, United StatesFull-time
- Promoted
Senior Product Security Engineer
LMArenaSan Francisco, CA, United StatesFull-time
- Promoted
Principal Solutions Architect, Security Specialist
ElasticMountain View, CA, United StatesFull-time
- Promoted
Product Security Engineer
CascaSan Francisco, CA, United StatesFull-time
- Promoted
SECURITY SOLUTIONS ARCHITECT
Target Labs, IncSan Francisco, CA, United StatesFull-time
- Promoted
Senior Product Security Engineer
CrusoeSan Francisco, CA, United StatesFull-time