Position Summary:

The Principal Architect, Product Security is a senior product security architecture leader responsible for advancing secure-by-design practices across multiple product portfolios, platforms, and business capabilities.

This role partners with product, engineering, platform, cloud, cybersecurity, enterprise architecture, privacy, and risk teams to ensure product designs include appropriate security guardrails from concept through delivery and operation. The Principal Architect translates enterprise cybersecurity strategy into reusable product security patterns, practical engineering requirements, and consistent architecture guidance.

Essential Responsibilities:

• Lead product security architecture across multiple product portfolios or major business capabilities.
• Define and maintain reusable secure design patterns, reference architectures, and technical guardrails.
• Review high-risk product, platform, API, cloud, and integration designs.
• Partner with product and engineering leaders to embed security into planning, design, development, testing, deployment, and operations.
• Translate cybersecurity policies, standards, and risk expectations into practical product security requirements.
• Guide teams on secure implementation of modern application, API, cloud-native, and distributed architectures.
• Establish and lead threat modeling for complex or high-risk products and platforms.
• Identify architecture-level security gaps and recommend pragmatic remediation plans.
• Escalate material risks and provide clear risk narratives to technology and cybersecurity leadership.
• Define expectations for security controls in CI/CD pipelines and developer workflows.
• Guide adoption of SAST, DAST, SCA, container scanning, IaC scanning, secrets detection, and related tooling.
• Partner with engineering teams to improve security testing quality, reduce noise, and increase actionable remediation.
• Contribute to metrics that measure product security maturity, control adoption, and vulnerability reduction.
• Define product security guidance for authentication, authorization, federation, API security, encryption, secrets management, and secure data handling.
• Advise on Zero Trust, least privilege, service-to-service security, and secure integration patterns.
• Partner with cloud and platform teams to embed security into shared engineering services and platform capabilities.
• Serve as a senior product security advisor to product, engineering, cybersecurity, architecture, privacy, compliance, and risk teams.
• Mentor Product Security Architects, engineers, and technical leads.
• Participate in architecture review boards, design forums, and governance processes.
• Contribute to product security standards, maturity models, dashboards, and continuous improvement efforts.