Listing Description

• Role Title: Product Security Architect


• Direct Report: Head of Special Projects, IT 


• Area: Security and Compliance


• Location: US Remote Preferred Location (Atlanta Georgia or San Francisco Bay Area)

REIMAGINE TRUST

Incode is the leading provider of world-class identity solutions that is reinventing the way humans authenticate and verify their identities online to power a world of digital trust.

Through our revolutionary identity solutions, we are unleashing the business potential of universal industries including finance, government, retail, hospitality, gaming and more, by reducing fraud and transforming human interactions with data, products, and services.

We’re in the process of rapidly scaling our diverse global team and we’re looking for entrepreneurial individuals and leaders who are curious, driven, and excited by ownership to join a Unicorn-status scale-up!

Product Security Architect

As the Product Security Architect, you will collaborate closely with skilled security professionals and engineers to improve the security of Incode’s products.

Responsibilities

· Identify, suggest, and implement security improvements to Incode’s current product offering.

· Actively participate in the definition of product requirements to ensure they incorporate security and privacy by design principles.

· Evaluate solution design and beta versions by applying security methodologies and tools to confirm security and privacy requirements are adequately addressed.

· Continuously implement the latest security and privacy industry practices and build supporting documentation and reference architectures for technical and non-technical audiences.

· Drive product security / privacy strategy and roadmap.

· Conduct threat modeling and risk assessments to identify potential security vulnerabilities.

· Collaborate with cross-functional teams to ensure that security is integrated into all aspects of product development and operations.

· Develop and maintain security policies, standards, and procedures

· Learn continuously to maintain and broaden product security architecture expertise

· Monitoring of product and infrastructure alerts, investigation of root causes, documentation of the findings.

· Implement alerts for monitoring access attempts, and changes to configurations that deviate from established baselines.

· Collaborate in the implementation and improvement of continuous integration, testing (including security), delivery, and deployment pipelines.

· Provide responses to security questionnaires, audits, and other security related questions.

· Work closely with Product, DevOps, IT Compliance, and other areas to ensure security and privacy requirements are met in the development of the product and in the deployment of infrastructure that supports the product.

Qualifications:

· 10+ years of experience in software development, architecture or technology consulting.

· 5+ years in a product security architect role

· Experience working in an Agile/Scrum Environment

· In-depth knowledge of mobile application security, including Web applications, iOS and Android platforms.

· In-depth knowledge of API security, microservices and Kubernetes.

· Hands on experience using Code obfuscation, application binary scanning, integrating SDKs into mobile apps.

· Extensive experience with industry privacy and security standards including ISO 27001, NIST 800-53, FedRAMP, GDPR.

· Experience with DevOps and DevSecOps.

· Experience with continuous security practices, including threat modeling, threat and vulnerability management, secure coding practices, and automated penetration testing.

· Experience with mobile application security testing tools and techniques, including code obfuscation, application binary scanning, integrating SDKs into mobile apps.

· Extensive implementation experience with enterprise security solutions, privilege management, identity management and federation systems.

· Experience with continuous integration, continuous deployment, continuous testing as well as experience with tools like AWS CodeDeploy , CodePipeline, CircleCI, Jenkins, GitHub, DockerHub.

Preferred Experience and Certifications:

· Experience as a thought leader to a talented group of engineers

· CISSP, CISA, CISM, IS027001 LA/LI, SANS (or equivalent experience)

· US Citizenship required