Product Security Architect

Role Overview

As a Security Architect at HBK, you will lead security architecture initiatives across our diverse product portfolio, including web, desktop, SaaS, cloud, embedded, and firmware solutions. You will act as a trusted advisor and hands-on expert, ensuring secure-by-design principles are embedded throughout the product lifecycle. This role requires deep technical expertise in security concepts, threat modelling, risk assessment, and modern development practices.

Key Responsibilities

• Consult and Assist: Guide multiple product teams in creating risk analyses (e.g., TARA) and performing Threat Modelling using STRIDE or Product relevant methods
• Enable Secure Design: Guide and mentor teams on secure software architecture principles and best practices.
• Process Integration: Adapt software development processes to leverage modern security tools (e.g., Static Code Analysis, Fuzzing, Security Testing Frameworks).
• Drive Security Decisions: Influence project decisions to implement robust security measures across products.
• Code & Config Review: Actively review source code and configurations for vulnerabilities; train teams to prevent recurring issues.
• Hardware Security: Provide guidance on hardware security measures and Secure Hardware Modules (SHM).
• Cryptography: Ensure correct application of basic cryptographic techniques for data protection.
• Compliance Alignment: Support adherence to relevant standards such as ISO 21434 (Automotive), IEC 62443 (Industrial), NIST SP 800 , EU CRA and ISO 27001.
• Guide product teams in implementing security controls required to achieve EU CRA compliance
  
  

• Proven experience in security architecture across multiple product types (web, desktop, SaaS, cloud, embedded, firmware).
• Deep technical understanding of security concepts (IAM, Secure Access, Secure Boot,Secure On board communication Encryption, Secure Coding Practices etc).
• Hands-on experience in Threat Modelling (STRIDE), Risk Analysis (TARA), Vulnerability hunting and source code reviews.
• Familiarity with one or more recognised security standards and regulations, such as EU CRA (Cyber Resilience Act), CSMS, UNECE R156/R157, ISO 21434 (Automotive), IEC 62443 (Industrial Control Systems), ISO 27001, and NIST SP 800 series
• Strong background in modern software development (C++, Java) on Linux/Android.
• Understanding of cryptographic fundamentals and secure hardware concepts.
• Strong expertise in both System and SW Engineering
• Expert in Requirement Engineering and requirement based development
• Proven experience in leading engineering teams and managing customer-facing projects
• Good understanding of different architectures, operating systems(Linux/QNX/Microsar), hardware & software security concepts, cryptography, debugging techniques
• Experience in interfacing with customer and review of customer requirements with a focus on cybersecurity impacts.
• Excellent communication skills to effectively engage with engineering teams, customers, and stakeholders.