Product Security Architect

About TEMENOS

Temenos powers a world of banking that creates opportunities for billions of people and businesses everywhere. We have been doing this for over 30 years through the pioneering spirit of our Temenosians who are passionate about making banking better, together.

We serve over 3000 clients from the largest to challengers and community banks in 150+ countries. We collaborate with clients to build new banking services and state-of-the-art customer experiences on our open banking platform, helping them operate more sustainably.

At Temenos, we have an open-minded and inclusive culture, where everyone has the power to create their own destiny and make a positive contribution to the world of banking and society.

The Role

We are seeking a highly experienced and passionate Product Security Software Architect to join our dynamic team. This pivotal role will be responsible for defining, developing, and embedding security architecture standards across our product development lifecycle. The ideal candidate will possess deep expertise in secure software development, threat modeling, and architecture review processes, with a strong emphasis on leveraging frameworks like OWASP Application Security Verification Standard (ASVS). You will work closely with engineering, product management, and operations teams to ensure our products are designed and built with security as a fundamental principle, not an afterthought.

Key Responsibilities

• Security Architecture Standards Development:

• Define, document, and evangelize secure architecture principles, patterns, and guidelines for all new and existing product development.

• Develop and maintain a robust set of security architectural standards, ensuring alignment with industry best practices (e.g., OWASP Top 10, CWE, NIST, Cybersecurity Framework) and regulatory requirements.
• Collaborate with engineering teams to integrate security standards seamlessly into existing development workflows and CI/CD pipelines.

• Drive the adoption of security by design principles across the organization.

• Threat Modeling:

• To Lead and facilitate comprehensive threat modeling exercises for new features, major architectural changes, and critical components across the product portfolio.

• Identify potential security vulnerabilities and design flaws early in the development lifecycle through systematic threat analysis.

• Work with development teams to prioritize and implement appropriate mitigations based on identified threats and risks.
  Educate and mentor development teams on effective threat modeling methodologies and tools.

• Architecture Review using OWASP ASVS:

• Conduct in-depth security architecture reviews of product designs, specifications, and implementations, utilizing frameworks such as OWASP ASVS.

• Assess the security posture of applications against defined architectural standards and security requirements.

• Provide actionable recommendations and guidance to engineering teams on addressing identified security weaknesses and improving overall application security maturity.
  Participate in design discussions and provide expert security input throughout the software development lifecycle.

• Consultation and Mentorship:

• Act as a subject matter expert and trusted advisor on all aspects of product security for engineering, product, and leadership teams.

• Mentor and guide software engineers on secure coding practices, architectural patterns, and security best practices.
• Foster a strong security-aware culture within the engineering organization.

Required Qualifications

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
• 8+ years of experience in software development, with at least 4+ years dedicated to product security architecture roles.
• Proven experience in designing and implementing secure architectures for complex software systems.
• Deep understanding of secure coding principles, common vulnerabilities (e.g., OWASP Top 10), and defense-in-depth strategies.
• Hands-on experience with threat modeling methodologies (e.g., STRIDE, DREAD or other risk calculation methodologies) and tools.
• Extensive experience conducting security architecture reviews and applying frameworks like OWASP ASVS (familiarity with different levels of ASVS is a plus).
• Proficiency in at least one major programming language (e.g., Java, Python, Go, C#, ) and familiarity with modern web application frameworks and cloud native architectures.
• Knowledge of Cloud Platform Security Architecture, e.g. Azure, AWS
• Strong understanding of cryptographic principles, authentication, authorization, and secure communication protocols.
• Excellent communication, interpersonal, and presentation skills, with the ability to articulate complex security concepts to both technical and non-technical audiences.

• Preferred Qualifications:

• Relevant security certifications (e.g., CISSP, CSSLP, CISA).

• Experience with containerization and orchestration technologies (e.g., Docker, Kubernetes).
• Knowledge of privacy-by-design principles (e.g., GDPR, CCPA).
• Familiarity with AI security governance principles and best practices.
• Experience in a highly regulated industry.
• Experience in the finance industry

VALUES

• Care about transforming the banking landscape.
• Commit to being part of an exciting culture and product evolving within the financial industry.
• Collaborate effectively and proactively with teams within or outside Temenos
• Challenge yourself to be ambitious and achieve your individual as well as the company targets

SOME OF OUR BENEFITS include:

• Maternity leave: Transition back with 3 days per week in the first month and 4 days per week in the second month
• Civil Partnership: 1 week of paid leave if you're getting married. This covers marriages and civil partnerships, including same sex/civil partnership
• Family care: 4 weeks of paid family care leave
• Recharge days: 4 days per year to use when you need to physically or mentally needed to recharge
• Study leave: 2 weeks of paid leave each year for study or personal development