Architect - Product Security

Minimum Required Experience : 10 years

Full Time

**Skills**:

- Cvss- Cyber Security- Security Architecture- Dast- Cryptography- Risk Analysis- Sast- Software Composition Analysis- White-Box Testing- Oauth 2.0- Vulnerability Assessments- Penetration Testing- Pki- Threat Modelling- Risk Mitigation- Owasp- FipsDescription

**Job Description - Product Security Architect**

**Experience Range & Quantity**

12+ YOE, 1 No

**Location Requirement**

Bangalore - Whitefield [Hybrid - at least 3 days a week]

**Fulfilment date**

ASAP

**Responsibilities**
- Provide privacy and security technical expertise supporting the product team throughout product development, design change, and life-cycle management.
- Work with the Product Security Leader (PSL) to support the product team with process expertise for Healthcare Product Cybersecurity Standards and life-cycle management.
- Product cybersecurity development responsibilities:

- Assess the privacy and cybersecurity state of the product and define product roadmap features/enhancements with stakeholder approval.
- Responsible for security architecture and coordination of product development for cybersecurity features and enhancements.
- Assess product components and SBoM are integrated into the product.
- Perform defect management for cybersecurity issues.
- Identify operational responsibilities and adherence to cloud standards for cloud-based products.
- Responsible for Product and Security Manual and MDS2 documentation.
- In coordination with the PSL, own and deliver Product Cybersecurity Standard artefacts, which include:

- Design input activities to identify, evaluate, roadmap, and drive cybersecurity and privacy features and enhancements within product development programs.
- Create Design Engineering Privacy and Security (DEPS) artefacts for privacy and security risk assessments to engage in domain-specific product threat modelling, attack surface analysis, risk management and reduction.
- Coordinates with the PSL to support the product team in scheduling and performing vulnerability scans and cybersecurity assessments.
- Lead product Security Technical Design Reviews
- Along with the product Lead System Designer (LSD), responsible for the Product Cybersecurity Standard compliance and other pertinent standards and processes.
- The released products shall comply with required regulatory standards & compliance (like FDA, HIPPA, GDPR etc.)
- Works with the Product Security team and Quality Assurance & Regulatory Assurance (QARA) on released product life cycle, including:

- Participate in post-market product vulnerability monitoring.
- Participate as a Subject Matter Expert to determine product vulnerability impact, investigation, and risk assessment.
- Responsible for product vulnerability mitigation and design change.
- Responsible for vulnerability tool updates to ensure accurate customer communication.
- Address customer and Sales RFP privacy and security feedback/questions.
- Provide technical expertise on customer concerns, complaints, and CSO escalations.
- Create/Maintain responsible product records within product cybersecurity tools.

**Mandatory Soft Skills**
- Should be able to contribute as an individual contributor
- Should be able to execute his/her responsibility independently
- Focus on self-planning activities

**Mandatory Skills**
- **Security Engineering**
- Globally recognized Cyber Security Certifications (Advanced/Expert Level).
- Firm with knowledge of OWASP, CVSS, FIPS 140-2/140-3 and DoD RMF
- The Architect shall be capable of not only finding risks/issues but shall also suggest the best route to remediation, knowing the compensatory controls & guiding the product team for its closure.
- Sound understanding of security technologies/techniques like
- Cryptography, Algorithms, Public key Infrastructure (PKI) Certificate Authority (CA),
- Hardware/embedded authentication, OAuth, 2-factor authentication, and
- white-box code analysis.
- Experience with a range of security tools related to
- SAST (Static Application Security Assessment),
- DAST (Dynamic Application Security Assessment),
- Vulnerability Management,
- SCA (Software Composition Analysis),
- Penetration Testing
- Threat Modelling Tools etc.
- **Product Engineering**
- Experience in working in a Product sector environment
- Knowledge of Cloud Infrastructure [Platform as a Service]

**Nice-to-have Skills**
- **Medical Software/Device Engineering**
- MDS2 documentation
- Experience in the Healthcare domain.
- **Standard Software Engineering**
- Experience in Micro Services using RESTful frameworks
- **Security Engineering**
- Penetration Testing in Web Applications, Thick Clients, Mobile Applications, REST/SOAP
- Infrastructure Penetration Testing
- Experience in Red Teaming Activities (add-on)
- Recognition for CVE or Wall-of-Fame through Bug-Bounty (add-on)