Minimum Required Experience : 10 years
Full Time
Skills
CVSS
Cyber Security
Security Architecture
DAST
Cryptography
Risk Analysis
SAST
Software Composition Analysis
White-Box Testing
OAuth 2.0
Vulnerability Assessments
Penetration Testing
PKI
Threat Modelling
Risk Mitigation
OWASP
FIPS
Description
Job Description – Product Security Architect
Experience Range & Quantity
12+ years of experience (YOE), 1 position
Location Requirement
Bangalore – Whitefield [Hybrid – at least 3 days a week]
Fulfilment date
ASAP
Responsibilities
Provide privacy and security technical expertise supporting the product team throughout product development, design change, and life-cycle management.
Work with the Product Security Leader (PSL) to support the product team with process expertise for Healthcare Product Cybersecurity Standards and life-cycle management.
Product cybersecurity development responsibilities:
Assess the privacy and cybersecurity state of the product and define product roadmap features/enhancements with stakeholder approval.
Responsible for security architecture and coordination of product development for cybersecurity features and enhancements.
Assess whether product components and the SBoM are integrated into the product.
Perform defect management for cybersecurity issues.
Identify operational responsibilities and adherence to cloud standards for cloud-based products.
Responsible for Product and Security Manual and MDS2 documentation.
In coordination with the PSL, own and deliver Product Cybersecurity Standard artefacts, which include:
Design input activities to identify, evaluate, roadmap, and drive cybersecurity and privacy features and enhancements within product development programs.
Create Design Engineering Privacy and Security (DEPS) artefacts for privacy and security risk assessments to engage in domain-specific product threat modelling, attack surface analysis, risk management and reduction.
Coordinate with the PSL to support the product team in scheduling and performing vulnerability scans and cybersecurity assessments.
Lead product Security Technical Design Reviews.
Along with the product Lead System Designer (LSD), responsible for the Product Cybersecurity Standard compliance and other pertinent standards and processes.
The released products shall comply with the required regulatory and compliance standards (such as FDA, HIPAA, GDPR, etc.).
Work with the Product Security team and Quality Assurance & Regulatory Assurance (QARA) on released product life cycle, including:
Participate in post-market product vulnerability monitoring.
Participate as a Subject Matter Expert to determine product vulnerability impact, investigation, and risk assessment.
Responsible for product vulnerability mitigation and design change.
Responsible for vulnerability tool updates to ensure accurate customer communication.
Address customer and Sales RFP privacy and security feedback/questions.
Provide technical expertise on customer concerns, complaints, and CSO escalations.
Create/Maintain responsible product records within product cybersecurity tools.
Mandatory Soft Skills
Should be able to contribute as an individual contributor
Should be able to execute his/her responsibility independently
Focus on self-planning activities
Mandatory Skills
Security Engineering
Globally recognized Cyber Security Certifications (Advanced/Expert Level).
Firm knowledge of OWASP, CVSS, FIPS 140-2/140-3 and DoD RMF.
7+ years of full-time information security experience (out of 12+ YOE) with emphasis on technical assessment (system/web application vulnerability assessment, penetration testing, white-box secure code analysis, etc.) and security architecture (design of security controls, secure system design, understanding of identity and authentication management, etc.).
The Architect shall be capable of not only finding risks/issues but shall also suggest the best route to remediation, knowing the compensatory controls & guiding the product team for its closure.
Sound understanding of security technologies/techniques like
Cryptography, Algorithms, Public Key Infrastructure (PKI), Certificate Authority (CA),
Hardware/embedded authentication, OAuth, 2-factor authentication, and
white-box code analysis.
Experience with a range of security tools related to
SAST (Static Application Security Assessment),
DAST (Dynamic Application Security Assessment),
Vulnerability Management,
SCA (Software Composition Analysis),
Penetration Testing,
Threat Modelling Tools, etc.
Product Engineering
Experience in working in a Product sector environment
Knowledge of Cloud Infrastructure [Platform as a Service]
Nice-to-have Skills
Medical Software/Device Engineering
MDS2 documentation
Experience in the Healthcare domain.
Standard Software Engineering
Experience in microservices using RESTful frameworks
Security Engineering
Penetration Testing in Web Applications, Thick Clients, Mobile Applications, REST/SOAP
Infrastructure Penetration Testing
Experience in Red Teaming Activities (add-on)
Recognition for CVE or Wall-of-Fame through Bug-Bounty (add-on)