Senior Product Security Architect

Cubic Corporation


Date: 2 weeks ago
City: Hyderabad, Telangana
Contract type: Full time

Business Unit:

Cubic Transportation Systems

Company Details:

When you join Cubic, you become part of a company that creates and delivers technology solutions in transportation to make people’s lives easier by simplifying their daily journeys, and defense capabilities to help promote mission success and safety for those who serve their nation. Led by our talented teams around the world, Cubic is committed to solving global issues through innovation and service to our customers and partners.

We have a top-tier portfolio of businesses, including Cubic Transportation Systems (CTS) and Cubic Defense (CD). Explore more on Cubic.com.

Job Details:

Summary: We are seeking a highly experienced Senior Product Security Architect who will be responsible for embedding security into the entire product lifecycle—from design to deployment—while enabling secure innovation at scale.

As a senior leader, you will define the product security strategy, influence engineering practices, and ensure security is a core pillar of product development rather than an afterthought. You will partner closely with engineering, DevOps, cloud, and business leaders to mitigate risks while accelerating delivery.

Key Responsibilities

1. Security Architecture & Strategy

  • Define and implement product security architecture frameworks and standards.
  • Integrate Security-by-Design and Privacy-by-Design principles into all products.
  • Establish a long-term product security roadmap aligned with business strategy.
  • Lead threat modeling and risk assessments for critical products and platforms.
  • Provide architectural guidance for:
    • Cloud-native applications
    • Microservices and APIs
    • SaaS and enterprise platforms
  • Drive adoption of security frameworks including:
    • NIST Secure Software Development Framework (SSDF) – NIST SP 800-218
    • OWASP SAMM (Software Assurance Maturity Model)

2. Secure SDLC (Software Development Lifecycle)

  • Design and implement a Secure SDLC (SSDLC) framework across teams.
  • Embed security controls across:
    • Design
    • Development
    • Testing
    • Deployment
  • Define and enforce:
    • Secure coding standards
    • Secure coding practices
    • DevSecOps integration
  • Ensure adoption of:
    • SAST (Static Application Security Testing)
    • DAST (Dynamic Application Security Testing)
    • SCA (Software Composition Analysis)
    • Penetration Testing frameworks
  • Establish security maturity metrics and SSDLC governance aligned with NIST SSDF and OWASP SAMM.

3. Engineering & DevSecOps Enablement

  • Partner with engineering teams to shift security left.
  • Drive adoption of DevSecOps practices and automation.
  • Enable teams through:
    • Security training and awareness
    • Secure coding guidelines
    • Architecture reviews
  • Implement and govern CI/CD security controls and secure pipeline configurations.
  • Act as a trusted advisor to engineering leadership.

4. Vulnerability & Risk Management

  • Oversee application and product vulnerability management lifecycle.
  • Define prioritization frameworks based on:
    • Risk severity
    • Business impact
  • Drive remediation programs and SLAs.
  • Conduct:
    • Penetration testing reviews
    • Security assessments
  • Interpret and prioritize findings from SAST, DAST, SCA, and penetration testing activities.

5. Cloud & Infrastructure Security

  • Provide security architecture for:
    • AWS / Azure / GCP environments
    • Container security (Docker, Kubernetes)
  • Define controls for:
    • Identity & Access Management (IAM)
    • Data protection (encryption, key management)
    • Network security

6. Regulatory Compliance & Governance

  • Ensure compliance with industry standards:
    • ISO 27001
    • SOC 2
    • GDPR and Data Privacy regulations
  • Implement audit-ready processes and controls.
  • Partner with risk teams for:
    • Security audits
    • Compliance assessments

7. Leadership & Stakeholder Management

  • Lead and mentor a team of Product Security Engineers and Architects.
  • Collaborate with:
    • Engineering leadership
    • Product management
    • Cybersecurity teams
    • External vendors and partners
  • Influence senior stakeholders on:
    • Security investments
    • Risk posture
    • Strategic priorities

8. Incident Readiness & Response

  • Support security incident handling related to product vulnerabilities.
  • Define incident response playbooks for product security risks.
  • Conduct post-incident reviews and improve controls.

Required Qualifications

Education

  • Bachelor’s or Master’s degree in:
    • Computer Science
    • Information Security
    • Engineering
    • Related field

Experience

  • 12–18+ years of experience in:
    • Application Security
    • Product Security
    • Security Architecture
    • DevSecOps
  • Proven experience in a leadership role (Senior Manager / Architect level).
  • Hands-on expertise in:
    • Secure application design
    • Threat modeling
    • Security architecture
    • Secure SDLC implementation

Technical Skills

Strong knowledge of:

  • OWASP Top 10
  • Secure coding standards
  • API security
  • NIST Secure Software Development Framework (SSDF) – SP 800-218
  • OWASP SAMM (Software Assurance Maturity Model)

Experience with:

  • Cloud security (AWS / Azure / GCP)
  • Container and Kubernetes security
  • CI/CD pipelines and DevOps tools
  • Implementation of CI/CD security controls and secure pipeline configurations
  • DevSecOps frameworks and automation

Strong understanding of:

  • SAST (Static Application Security Testing)
  • DAST (Dynamic Application Security Testing)
  • SCA (Software Composition Analysis)
  • Penetration Testing methodologies and frameworks
  • Security testing and vulnerability remediation workflows

Familiarity with:

  • SIEM and monitoring tools
  • Security orchestration and automation tools

Certifications (Preferred)

  • CISSP (Certified Information Systems Security Professional)
  • CSSLP (Certified Secure Software Lifecycle Professional)
  • CISM / CISA
  • AWS Security Specialty
  • Microsoft Azure Security Engineer
  • Relevant DevSecOps or Cloud Security certifications

Leadership Competencies

  • Strategic thinking with strong execution focus.
  • Ability to influence without authority.
  • Strong stakeholder management at the leadership level.
  • Problem-solving and risk-based decision making.
  • Ability to translate technical risks into business impact.
  • Strong communication and executive presentation skills.

Success Metrics (KPIs)

  • Reduction in critical vulnerabilities across products.
  • Adoption rate of Secure SDLC practices.
  • Improvement in security posture and audit outcomes.
  • Reduction in time-to-remediation.
  • Increased awareness and secure coding adoption across teams.
  • Improvement in SSDLC maturity and DevSecOps adoption.

Why This Role Is Critical

This role is central to ensuring that security scales with innovation. As organizations move toward cloud-native, API-driven, and digital-first ecosystems, the Product Security Architect ensures:

  • Security is embedded, not bolted on.
  • Risks are proactively managed rather than reactively addressed.
  • Engineering teams are enabled, not slowed down by security.
  • Secure development practices become part of the organizational culture.

Worker Type:

Employee

We are committed to creating an inclusive workplace and welcome applications from people of all backgrounds. We do not discriminate based on any protected characteristic under applicable law.

How to apply

To apply for this job you need to authorize on our website. If you don't have an account yet, please register.

Post a resume

Similar jobs

AI/ML Trainer

Edunet Foundation, Hyderabad, Telangana
4 days ago
Edunet Foundation is Hiring for Technical Trainer for below locations Open Location: Khammam , Warrangal , Jaipur , KOTA , Ajmer , VijayawadaEmployment Type: Full-TimeExperience: Minimum of 2 years , Maximum - No BarAbout the RoleEdunet Foundation is looking for passionate Master Trainers / Technical Trainers to deliver AI and Data Science training under the AI Careers for Women (AICW)...

Application Support Team Lead

Computershare, Hyderabad, Telangana
5 days ago
Location: Hyderabad, India (Hybrid) This is a hybrid position primarily based in Hyderabad, India. We’re committed to your flexibility and wellbeing and our hybrid strategy currently requires three days a week in the office, giving you the option to work remotely for some of your working week. Find out more about our culture of flexible working. We give you a...

Clinical Terminologist

Truveta, Hyderabad, Telangana
1 week ago
Truveta is the world’s first health provider led data platform with a vision of Saving Lives with Data. Our mission is to enable researchers to find cures faster, empower every clinician to be an expert, and help families make the most informed decisions about their care. Achieving Truveta’ s ambitious vision requires an incredible team of talented and inspired people...