What you’ll do:
- Serve as the dedicated security architect and strategic partner for Core DevOps functional leadership, developing deep understanding of their priorities, challenges, and roadmap
- Lead security architecture and design work for strategic Core DevOps initiatives, providing clear direction and proactive guidance to cross-functional teams
- Identify, assess, and drive reduction of systemic security risks in the Product Security Risk Register related to CI/CD pipelines, source code management, and DevOps workflows
What you’ll bring:
- Deep expertise in CI/CD pipeline security, including runner isolation, secrets management, artifact security, and supply chain attack prevention
- Strong understanding of source code management security, including merge request workflows, code review security, branch protection, and access control patterns
- Proven experience securing DevOps toolchains and identifying systemic risks in continuous integration and delivery systems
Nice to have:
- Experience with container registry and package management security; cryptographic systems and key management (SLSA framework); GraphQL security; AI-augmented development workflows
- Experience with government security requirements (FedRAMP, NIST 800-171); security standards and frameworks (ISO 27001, SOC 2, PCI-DSS); and quantifying risk with security metrics or Key Risk Indicators
GitLab
GitLab is an open-core software company developing an AI-powered DevSecOps platform used by over 100,000 organizations. Their mission is to enable everyone to contribute to and co-create the software that powers our world, valuing every voice in their high-performance culture.