Product Security Architect

Hands-on security architect with broad product and cloud security expertise who can go deep into threat modeling, architecture reviews, and risk management for connected devices and cloud services - consultative but accountable, not just advisory.

• Security Architecture Assessments: Conduct security assessments, identify vulnerabilities, document them in the risk register, and prioritize mitigation efforts. Professional and technically accurate architecture documentation skills contribute to the success for the role.
• Risk Assessment & Management: Based upon the risks identified during assessments, maintain risk register by documenting the progress working together with developers for Critical/High risks.
• Continuous Improvement to AYI Product Security baseline: Review the existing security baseline applicable to product development, firmware, software etc. and make updates according to recent threat landscape.

• Broad security foundation across domains, with the ability to go deep where needed:

• Application & API security

• Cloud security (Azure primary; AWS/GCP familiarity acceptable)

• Identity, authentication, authorization

• Network and communication security (including device to cloud)

• Understands how core security principles apply differently to:

• Smart/connected devices (IoT/edge)
• Backend cloud services
• Mobile and web applications

• Comfortable reviewing system architectures, data flows, and trust boundaries, not just individual components.
• Risk based decision making: Ability to

• Identify and document risks clearly
• Maintain and reason over a risk register
• Prioritize mitigations based on impact, likelihood, and business context

• Must be comfortable making pragmatic security trade offs and explaining them to engineering and leadership.