Product Security and Privacy Architect (Austin, TX, US, 78753)
ASSA ABLOY
About This Role
An Amazing Career Opportunity for a Product Security and Privacy Architect!!
Location: Remote (US & Europe)
Job ID: 47563
As part of the Product Security and Privacy team, reporting to the Chief Product Security & Privacy Architect, you will support product teams in adopting and implementing HID's security and privacy program.
Accountable for the quality, consistency, and defensibility of all security- and privacy-related artifacts, you guarantee that outputs are audit-ready, and not just done.
You will have opportunities to work on a very wide portfolio of applications based on different technologies (Web, Embedded, Mobile, Desktop) within a very diverse and international context covering all five HID Business Areas.
Who are we?
HID powers the trusted identities of the world's people, places, and things, allowing people to transact safely, work productively and travel freely.
We are a high-tech software company headquartered in Austin, TX, with over 4,500 worldwide employees. Check us out here: www.hidglobal.com and https://youtu.be/23km5H4K9Eo
As our Product Security and Privacy Architect, you'll support HID's success by:
• Leading day-to-day security/privacy architecture governance, escalating and obtaining approval from the Chief Product Security & Privacy Architect as required.
• Defining corporate wide security and privacy requirements, controls, and standards.
• Defining corporate wide Secure Coding, third-party, deployment policies & other architecture-related standards.
• Defining required training content.
• Defining paved roads/security and privacy-by-design patterns and libraries.
• Leading development of AI-enabled PSP Architecture capabilities: define use cases, requirements, and success criteria.
• Owning the threat modeling framework and quality bars.
• Running/approving security & privacy architecture reviews.
• Leading audit/assessment planning, evidence of expectations, and defensibility.
• Being responsible for tooling selection and integration related to security & privacy architecture domain.
• Architecting compliance, analyzing new regulations and standards to identify gaps in the platform's capabilities, standards, and controls.
• Assessing new acquisitions' architecture and contributing to due diligence on an as-needed basis.
• Providing recommendations for risk acceptance and exception requests.
• Providing input on tooling strategy and integration guidance for non-architecture related domains.
• Providing guidance on security requirements for supply chain tooling, pipeline architecture, and associated standards.
• Validating that platform architecture enables enforcement of PSP security controls.
• Providing expert input on exploitability, attack paths, and mitigation options during the incident handling process.
• Providing guidance on true risk vs noise for security tool outputs and penetration tests.
• Providing subject-matter depth during training delivery: advanced Q&A and edge cases, and offering office hours or follow-ups for complex topics.
Your Experience and Background include:
• Master's Degree, computer science, or similar qualifications.
• At least 3 years in software/product security, application security, or security architecture
• At least 7 years of hands-on software engineering / QA / DevOps earlier in career (or equivalent).
• At least one security or privacy certification (CISSP, CIPT, CSSLP, CEH, ...) is a plus.
• Proven ownership of at least one of: threat modeling program, secure design review governance, audit evidence management, security tooling strategy, penetration testing program or similar.
• Experience contributing to at least one Secure Software Development Lifecycle (SSDL) program, either as a security architect, security champion, or similar role.
• Working knowledge of general principles of application security
• Working knowledge of threat modeling principles.
• Working knowledge of security standards (OWASP, ISO, NIST, ...).
• Knowledge of security regulations, such as the Radio Equipment Directive (RED), Cyber Resilience Act (CRA), Federal Information Processing Standards (FIPS), and Common Criteria (CC) or equivalent.
• Good understanding of cryptographic principles, including algorithms, key management, and protocols.
• Experience using security tools (SAST, DAST, SCA, Vulnerability Scanners, Secret Scanners).
• Hands-on experience in at least one, preferably more, of these application domains:
  • Embedded device security
  • Mobile security
  • Web & API security
  • Desktop security
• Experience with Agile/SAFe Methodology is preferred.
• Experience with usage of AI tools in the context of a security program is preferred.
• Cloud infrastructure, Supply Chain, and deployment Security is preferred.
What we can offer you:
• Competitive salary and rewards package
• Competitive benefits and annual leave offering, allowing for work-life balance
• A vibrant, welcoming & inclusive culture
• Extensive career development opport...