GitLab

Staff Product Security Architect

Remote (Worldwide) | Remote | Posted 1 month ago | $140,000 – $260,000
Full Time | Senior | Remote

Job Description

GitLab is an open-core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to

Key Highlights

  • Serve as the dedicated security architect and strategic partner for Core DevOps functional leadership, developing deep understanding of their priorities, challenges, and roadmap
  • Lead security architecture and design work for strategic Core DevOps initiatives, providing clear direction and proactive guidance to cross-functional teams
  • Identify, assess, and drive reduction of systemic security risks in the Product Security Risk Register related to CI/CD pipelines, source code management, and DevOps workflows
  • Anticipate security challenges in upcoming Core DevOps initiatives and propose architectural solutions before they reach critical implementation phases
  • Coordinate with Application Security engineers to ensure comprehensive security review coverage, providing context and priority guidance for Core DevOps work

Qualifications

Required Qualifications

  • Conduct security architecture reviews for large strategic projects across Plan, Create, Verify, and Package stages
  • Develop and communicate security standards and patterns specific to CI/CD security, enabling teams to make sound security decisions independently
  • Collaborate with Security Research team members conducting proactive security exploration in the Core DevOps domain
  • Cultivate strong relationships with Core DevOps technical leadership to maintain visibility into major initiatives and drive security outcomes
  • Deep expertise in CI/CD pipeline security, including runner isolation, secrets management, artifact security, and supply chain attack prevention
  • Strong understanding of source code management security, including merge request workflows, code review security, branch protection, and access control patterns
  • Proven experience securing DevOps toolchains and identifying systemic risks in continuous integration and delivery systems
  • Demonstrated ability to build trusted relationships with engineering leadership and influence technical direction through expertise and collaboration
  • Track record of proactive security architecture work - identifying risks before they become incidents and designing preventive solutions
  • Strong background in application security with expertise in authentication/authorization, injection attacks, privilege escalation, and multi-tenant isolation
  • Experience translating complex security concepts into clear, actionable recommendations for technical audiences
  • Ability to operate strategically while remaining technically hands-on when needed
  • Nice to have: Experience with container registry and package management security; cryptographic systems and key management (SLSA framework); GraphQL security; AI-augmented development workflows; government security requirements (FedRAMP, NIST 800-171); security standards and frameworks (ISO 27001, SOC 2, PCI-DSS); and quantifying risk with security metrics or Key Risk Indicators
  • Benefits to support your health, finances, and well-being
  • Flexible Paid Time Off
  • Team Member Resource Groups
  • Equity Compensation & Employee Stock Purchase Plan
  • Growth and Development Fund
  • Parental leave
  • Home office support

Skills & Technologies

CI/CD, GraphQL

Job Details

Employment Type: Full Time
Experience Level: Senior
Salary Range: $140,000 – $260,000
Location: Remote (Worldwide)
Work Mode: Remote
Posted: 1 month ago