Product Security Architect - Digital & Enterprise Applications

ABOUT THE POSITION

The Product Security Architect – Digital and Enterprise Applications role is a strategic position designed to ensure that security is seamlessly integrated into the lifecycle of both digital and corporate-facing applications. This role will focus on designing, reviewing, and implementing robust security solutions to protect sensitive data and business logic within a diverse portfolio of software applications, including cloud-based and on-premises solutions. The ideal candidate will have expertise in application security, secure architecture, and threat modeling with a passion for advancing security practices within an agile development environment. This role reports directly to the Head of Product Security.

• Collaborate with cross-functional teams to define security requirements for new and existing products.
• Lead threat modeling sessions to identify and mitigate potential security risks.
• Perform security architecture reviews to validate application security across cloud and on-premises solutions.
• Define security posture for new and existing digital applications, aligning with industry standards and compliance requirements.
• Develop and enforce security assurance maturity models to continuously improve application security.
• Drive security improvements across digital and enterprise applications to protect business functions and sensitive data.
• Foster a proactive security culture within the organization, enabling secure and resilient application development.

• Bachelor's degree in computer science or related field. Equivalent work experience will be considered.
• Professional certifications such as CISSP, CSSLP, or similar.
• Core Product security and Software development background of 5+ years.
• Ability to articulate security requirements for build and delivery pipelines.
• Experience in Threat Modeling and Security Architecture Reviews as per industry standards.
• Experience working with energy-related companies or national lab institutions is desirable.
• Should have expertise in Microsoft Azure, GCP, and AWS to secure cloud applications and SaaS products.
• Experience in Secure SDLC SAST, SCA, DAST, Container Security and Penetration testing.
• Experience in data security/governance initiatives in a highly regulated environment.
• Continuously assess the application security maturity and build enhancement plans.
• Soft skills - excellent communication skills with the ability to work collaboratively with cross-functional teams.