
Product Security and Privacy Architect

ASSA ABLOY
3 hours ago
Full-time
On-site
Chennai, Tamil Nadu, India
Engineer

 

 

An Amazing Career Opportunity for Product Security and Privacy Architect
Location: Chennai, India (Hybrid)
Job ID: 47565

 

Profile Summary:

As part of the Product Security and Privacy team, reporting to the Chief Product Security & Privacy Architect, you will support product teams in adopting and implementing HID’s security and privacy program.
Accountable for the quality, consistency, and defensibility of all security- and privacy-related artifacts, you guarantee that outputs are “audit-ready,” and not just “done.”
You will have opportunities to work on a very wide portfolio of applications based on different technologies (Web, Embedded, Mobile, Desktop) within a very diverse and international context covering all five HID Business Areas.


About HID Global

HID Global powers the trusted identities of the world’s people, places and things. We make it possible for people to transact safely, work productively and travel freely. Our trusted identity solutions give people secure and convenient access to physical and digital places and connect things that can be accurately identified, verified and tracked digitally. Millions of people around the world use HID products and services to navigate their everyday lives, and over 2 billion things are connected through HID. We work with governments, educational institutions, hospitals, financial institutions, industrial businesses, and some of the most innovative companies on the planet. Headquartered in Austin, Texas, HID Global has over 4500 employees worldwide and operates international offices that support more than 100 countries. HID Global® is an ASSA ABLOY Group brand. HID Global is the trusted source for secure identity solutions for millions of customers and users around the world. In India, we have two Engineering Centres (Bangalore and Chennai). The Global Engineering Team is based in Chennai, and one of the Business Unit Engineering teams is based in Bangalore. Check us out: www.hidglobal.com and https://youtu.be/23km5H4K9Eo

LinkedIn:  www.linkedin.com/company/hidglobal/mycompany/


Are You Ready to Join the Team?
Our company is committed to finding the best and the brightest talent to help us reach the top. If you are a dynamic, highly skilled, experienced Cloud engineer and technology enthusiast, and you enjoy working at a rapid pace within a rapidly growing business environment, then you will want to consider this position. If you excel at communication, collaboration, and unrelenting innovation, we want to talk to you. And if you bring dedication, positive energy and integrity to the table, you just might be the right fit for our team.

 

Qualifications
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

 

Roles & Responsibilities (Other duties may be assigned)

  • Leads day-to-day security/privacy architecture governance, escalates and obtains approval from the Chief Product Security & Privacy Architect as required.
  • Define corporate wide security and privacy requirements, controls, and standards.
  • Define corporate wide Secure Coding, third-party, deployment policies & other architecture-related standards.
  • Define required training content.
  • Define paved roads/security and privacy-by-design patterns and libraries.
  • Lead development of AI-enabled PSP Architecture capabilities: define use cases, requirements, and success criteria.
  • Own the threat modeling framework and quality bars.
  • Run/approve security & privacy architecture reviews.
  • Lead audit/assessment planning, evidence of expectations, and defensibility.
  • Responsible for tooling selection and integration related to security & privacy architecture domain.
  • Architect for compliance, analyze new regulations and standards to identify gaps in the platform's capabilities, standards, and controls.
  • Assess New Acquisitions Architecture and contribute to due diligence on an as-needed basis.



Primary Duties:

These define the broader responsibilities and areas of ownership within the role

  • Provide recommendations for risk acceptance and exception requests.
  • Provide input on tooling strategy and integration guidance for non-architecture related domains.
  • Provide guidance on security requirements for supply chain tooling, pipeline architecture, and associated standards.
  • Validate that platform architecture enables enforcement of PSP security controls.
  • Provide expert input on exploitability, attack paths, and mitigation options during the incident handling process.
  • Provide guidance on true risk vs noise for security tool outputs and penetration tests.
  • Provide subject-matter depth during training delivery: advanced Q&A and edge cases; offer office hours or follow-ups for complex topics.

 

 

Technical Skills:

  • Experience contributing to at least one Secure Software Development Lifecycle (SSDL) program, either as a security architect, security champion, or similar role.
  • Working knowledge of general principles of application security.
  • Working knowledge of threat modeling principles.
  • Working knowledge of security standards (OWASP, ISO, NIST, ...).
  • Knowledge of security regulations, such as the Radio Equipment Directive (RED), Cyber Resilience Act (CRA), Federal Information Processing Standards (FIPS), and Common Criteria (CC) or equivalent.
  • Good understanding of cryptographic principles, including algorithms, key management, and protocols.
  • Experience using security tools (SAST, DAST, SCA, Vulnerability Scanners, Secret Scanners).
  • Hands-on experience in at least one, preferably more, of these application domains:
    • Embedded device Security
    • Mobile security
    • Web & API security
    • Desktop security.


Preferred Qualifications

  • Cloud infrastructure, Supply Chain, and deployment Security
  • Experience with Agile/SAFe Methodology
  • Experience with usage of AI tools in the context of a security program.

 

 

Education and/or Experience

  • Master's degree in computer science, or similar qualifications.
  • At least 3 years in software/product security, application security, or security architecture
  • At least 7 years of hands-on software engineering / QA / DevOps earlier in career (or equivalent).
  • At least one security or privacy certification (CISSP, CIPT, CSSLP, CEH, ...) is a plus.
  • Proven ownership of at least one of: threat modeling program, secure design review governance, audit evidence management, security tooling strategy, penetration testing program or similar.


Soft Skills

  • Ability to communicate complex concepts clearly and effectively in the English language, both verbally and in writing.
  • Enjoys training and knowledge-sharing, with a strong motivation to ensure the security program is successfully implemented by the teams.
  • Highly adaptable and approachable, fostering collaboration and open communication.
  • Ability to tailor your communication to different audiences such as product owners, development teams, architects, and other high-level users.
  • Strong technical acumen with the ability to engage effectively with development teams, and a continuous learning mindset.

 

Why apply?

  • Empowerment: You’ll work as part of a global team in a flexible work environment, learning and enhancing your expertise. We welcome an opportunity to meet you and learn about your unique talents, skills, and experiences. You don’t need to check all the boxes. If you have most of the skills and experience, we want you to apply.
  • Innovation: You embrace challenges and want to drive change. We are open to ideas, including flexible work arrangements, job sharing or part-time job seekers.
  • Integrity: You are results-orientated, reliable, and straightforward and value being treated accordingly. We want all our employees to be themselves to feel appreciated and accepted.

This opportunity may be open to flexible working arrangements.

HID is an Equal Opportunity/Affirmative Action Employer – Minority/Female/Disability/Veteran/Gender Identity/Sexual Orientation.

 

We make it easier for people to get where they want to go!
On an average day, think of how many times you tap, twist, tag, push or swipe to get access, find information, connect with others or track something.  HID technology is behind billions of interactions, in more than 100 countries.  We help you create a verified, trusted identity that can get you where you need to go – without having to think about it.  
 
When you join our HID team, you’ll also be part of the ASSA ABLOY Group, the global leader in access solutions. You’ll have 63,000 colleagues in more than 70 different countries. We empower our people to build their career around their aspirations and our ambitions – supporting them with regular feedback, training, and development opportunities. Our colleagues think broadly about where they can make the most impact, and we encourage them to grow their role locally, regionally, or even internationally. As we welcome new people on board, it’s important to us to have diverse, inclusive teams, and we value different perspectives and experiences.
