Principal Security Architect

The Opportunity 

We are looking for a trustworthy and proactive Principal Security Architect to be the technical thought leader and driver of holistic security across product and corporate security. The Security Architect works across various groups in the organization to elevate our security posture and ensure adaptable and long-lasting security improvements. We’re looking for someone who loves to architect and implement solutions across multiple areas of information security, such as risk management, product security, offensive security, cloud security, corporate security, and security operations (detection and response).  

To be successful as a Principal Security Architect, you should have exceptional foresight, great communication skills, and thorough knowledge across multiple security domains and technologies. As a key person influencing our security posture, we will be looking to you to drive security initiatives across multiple business units and ensure business-friendly and scalable solutions. Reporting to the Sr. Director of Information Security, you will be an early hire to the security team and will have the opportunity to influence and build secure architectures, tooling and approaches from the ground up.  

Responsibilities 

• Identify, architect, guide, mentor and implement security improvements to Incode’s current operations, product and infrastructure. 
• Threat model and evaluate new solutions and tools in AWS, Azure, and other clouds, and develop security frameworks that enable Incode to introduce these technologies in a secure manner. 
• Develop and drive north-star architectures, intermediate architectures and implementation strategies for secure solutions. 
• Work closely with Product, DevOps, IT Compliance, and other areas to ensure security and privacy requirements are met in the development of the product and in the deployment of infrastructure that supports the product. 
• Provide technical expertise and input into the security roadmap and drive the implementation of technical solutions in that roadmap. 

Qualifications: 

• Deep experience in at least one of the following areas: Product Security & Offensive Security (to include DevSecOps), Security Operations, Detection Engineering, Cloud Security, Risk Management, Corporate Security and Threat Intelligence. 
• Thorough knowledge and experience in securing highly available SaaS products across cloud first, hybrid and on-prem deployment methods.  
• Extensive experience with industry compliance and security standards including PCI DSS, SOC2, ISO 27001, NIST 800-53. 
• Depth and experience in securing the full lifecycle of cloud-native technologies (including docker, Kubernetes, serverless, etc.). 
• Experience with continuous security practices, including threat modeling, threat and vulnerability management, secure coding practices, and automated penetration testing. 
• Practical knowledge across automation, segmentation, application protection, defense-in-depth, remote access, encryption, disaster recovery and replication, high-availability, software defined networking, virtualization, enclaves, zero trust, supply chain and other security architectural elements. 
• Extensive experience with infrastructure automation, infrastructure as code, automated application deployment, monitoring/telemetry, logging, reporting, and continuous integration and delivery technologies.  
• Extensive implementation experience with enterprise, cloud and product security solutions, such as privilege management, identity management, federation systems, SIEM, SOAR, EDR, IDS, IPS, etc. 

Preferred Experience and Certification: 

• Prior experience in product security engineering, cloud security engineering, secure software engineering, or infrastructure engineering. 
• Hands-on experience in offensive security and an attacker mindset. 
• A polyglot programmer comfortable in many languages across different platforms  
• SaaS Startup experience in security focused industries, such as fintech, security software and services, healthtech, identity and access management.  
• Experience in technically supporting highly regulated industries with security initiatives (FedRAMP, HIPAA, FERC/NERC, etc.)  
• Experience as a thought leader to a talented group of engineers 
• CISSP, CISA, CISM, IS027001 LA/LI, SANS (or equivalent experience)
• Cloud Certifications, such as AWS Certified Solutions Architect, AWS Security Specialty