Security Architect

Overview

Job Title : - Security Architect. Product Security

Location, Bangalore, India

Role Summary

Aptean is hiring a Security Architect for Product Security to strengthen secure-by-design engineering across its global product portfolio. This role sits within the CISO organisation and operates as a direct partner to R & D, product engineering, and platform teams.

You will embed security into architecture and engineering decisions from the earliest stages of design. The focus is prevention. The role exists to reduce security risk before code reaches production.

You will influence how products are designed, built, and delivered across a multi-product SaaS environment. You will work upstream with architects and engineers, not downstream as a testing or assurance function.

This role requires strong engineering credibility, architectural depth, and the ability to translate security risk into clear engineering outcomes.

Key Responsibilities

Secure Architecture and Design Authority

• Define and maintain product security architecture standards across all Aptean platforms
• Establish reusable secure reference architectures and approved design patterns
• Review solution and platform designs and provide direct, actionable guidance to engineering teams
• Participate as a standing member of architecture review boards
• Ensure security requirements are addressed before design approval and development start
  
  

You own security outcomes at the architecture layer. Your input shapes how systems are built, not how findings are reported later.

Threat Modeling and Risk Driven Engineering

• Lead structured threat modeling using STRIDE or equivalent frameworks
• Identify trust boundaries, attack paths, and abuse scenarios at design time
• Translate identified risks into concrete architecture and engineering controls
• Ensure mitigations are designed into solutions before implementation
• Drive consistent threat modeling adoption across product teams
  
  

Threat modeling is a required engineering activity, not an optional exercise. You ensure teams treat it as such.

Shift Left and Secure SDLC Enablement

• Define and operationalize secure SDLC standards across engineering teams
• Embed security controls directly into CI CD pipelines and developer workflows
• Define security gates, release criteria, and policy enforcement points
• Standardize integration of SAST, SCA, and IaC security tooling
• Ensure security requirements align with engineering delivery velocity
  
  

Security starts with design and continues through build pipelines. You design the system that makes this work at scale.

Developer and Architect Enablement

• Educate engineers and architects on secure design and coding practices
• Build practical security playbooks aligned to real engineering workflows
• Establish and scale a security champion model across product teams
• Facilitate secure design workshops and architecture reviews
• Operate as a trusted advisor to engineering leadership
  
  

Your credibility with engineers matters. Your guidance must be practical, clear, and grounded in how teams build software.

Security Automation and AI Integration

• Drive adoption of AI assisted secure development practices
• Enable automation across code analysis, dependency management, and infrastructure validation
• Define guardrails for AI driven development and prompt based coding
• Ensure automated outputs meet defined security and architecture standards
  
  

DevSecOps Strategy and Platform Integration

• Define the enterprise DevSecOps architecture and maturity roadmap
• Build reusable CI CD templates with embedded security controls
• Partner with platform engineering to embed security into shared pipelines
• Enable policy as code and infrastructure as code security standards
• Ensure consistent enforcement across all product lines
  
  

Product Security Governance

• Define baseline product security requirements
• Align practices with OWASP, NIST SSDF, and secure by design principles
• Establish measurable KPIs tied to engineering outcomes
• Drive consistency across diverse product architectures
  
  

Cross Functional Leadership

• Partner closely with R and D, product management, and platform teams
• Represent security in engineering and architecture forums
• Influence roadmap decisions using risk based reasoning
• Communicate clearly with technical and non technical stakeholders
  
  

Scope of Role

This role focuses on prevention and engineering enablement.

Required Experience

• 8 to 10 years in application security, product security, or secure software development
• Strong background as a software engineer
• Hands on experience with Java, .NET, Python, or similar languages
• Experience with cloud native and SaaS architectures
• Proven track record embedding security into SDLC and engineering workflows
  
  

Technical Skills

Security Architecture

• Secure by design architecture
• Threat modeling methodologies
• Identity and access management
• API and microservices security
• Encryption and data protection
  
  

Engineering and DevSecOps

• CI CD pipeline design and security integration
• SAST, SCA, and IaC security concepts
• Container and Kubernetes security
• Cloud platforms such as AWS, Azure, or GCP
  
  

Automation and AI

• Python or similar scripting
• Security automation design
• AI assisted development workflows
  
  

Preferred Qualifications

• CSSLP or equivalent certification
• Cloud security certifications
  
  

Exposure to enterpr`1

---