ABOUT THE POSITION
The Product Security Architect – Digital and Enterprise Applications role is a strategic position designed to ensure that security is seamlessly integrated into the lifecycle of both digital and corporate-facing applications. This role will focus on designing, reviewing, and implementing robust security solutions to protect sensitive data and business logic within a diverse portfolio of software applications, including cloud-based and on-premises solutions. The ideal candidate will have expertise in application security, secure architecture, and threat modeling with a passion for advancing security practices within an agile development environment. This role reports directly to the Head of Product Security.
Key Responsibilities Include:
•Collaborate with cross-functional teams to define security requirements for new and existing products.
•Lead threat modeling sessions to identify and mitigate potential security risks.
•Perform security architecture reviews to validate application security across cloud and on-premises solutions.
•Define security posture for new and existing digital applications, aligning with industry standards and compliance requirements.
•Develop and enforce security assurance maturity models to continuously improve application security.
•Drive security improvements across digital and enterprise applications to protect business functions and sensitive data.
•Foster a proactive security culture within the organization, enabling secure and resilient application development.
What will our ideal candidate bring to Fluence?
- Bachelor's degree in computer science or related field. Equivalent work experience will be considered.
- Professional certifications such as CISSP, CSSLP, or similar.
- Core Product security and Software development background of 5+ years.
- Ability to articulate security requirements for build and delivery pipelines.
- Experience in Threat Modeling and Security Architecture Reviews as per industry standards.
- Experience working with energy-related companies or national lab institutions is desirable.
- Should have expertise in Microsoft Azure, GCP, and AWS to secure cloud applications and SaaS products.
- Experience in Secure SDLC SAST, SCA, DAST, Container Security and Penetration testing.
- Experience in data security/governance initiatives in a highly regulated environment.
- Continuously assess the application security maturity and build enhancement plans.
- Soft skills - excellent communication skills with the ability to work collaboratively with cross-functional teams.