Product Security Architect

Role Overview

As a Security Architect at HBK you will lead security architecture initiatives across our diverse product portfolio including web desktop SaaS cloud embedded and firmware solutions. You will act as a trusted advisor and hands-on expert ensuring secure-by-design principles are embedded throughout the product lifecycle. This role requires deep technical expertise in security concepts threat modelling risk assessment and modern development practices.

Key Responsibilities

• Consult and Assist: Guide multiple product teams in creating risk analyses (e.g. TARA) and performing Threat Modelling using STRIDE or Product relevant methods

• Enable Secure Design: Guide and mentor teams on secure software architecture principles and best practices.

• Process Integration: Adapt software development processes to leverage modern security tools (e.g. Static Code Analysis Fuzzing Security Testing Frameworks).

• Drive Security Decisions: Influence project decisions to implement robust security measures across products.

• Code & Config Review: Actively review source code and configurations for vulnerabilities; train teams to prevent recurring issues.

• Hardware Security: Provide guidance on hardware security measures and Secure Hardware Modules (SHM).

• Cryptography: Ensure correct application of basic cryptographic techniques for data protection.

• Compliance Alignment: Support adherence to relevant standards such as ISO 21434 (Automotive) IEC 62443 (Industrial) NIST SP 800 EU CRA and ISO 27001.

• Guide product teams in implementing security controls required to achieve EU CRA compliance

Qualifications

Education:

Bachelors or Masters degree in computer sciences Cyber Security orsome other engineering degree.

Required Experience and Skills

• Proven experience in security architecture across multiple product types (web desktop SaaS cloud embedded firmware).

• Deep technical understanding of security concepts (IAM Secure Access Secure BootSecure On board communication Encryption Secure Coding Practices etc).

• Hands-on experience in Threat Modelling (STRIDE) Risk Analysis (TARA) Vulnerability hunting and source code reviews.

• Familiarity with one or more recognised security standards and regulations such as EU CRA (Cyber Resilience Act) CSMS UNECE R156/R157 ISO 21434 (Automotive) IEC 62443 (Industrial Control Systems) ISO 27001 and NIST SP 800 series

• Strong background in modern software development (C Java) on Linux/Android.

• Understanding of cryptographic fundamentals and secure hardware concepts.

• Strong expertise in both System and SW Engineering

• Expert in Requirement Engineering and requirement based development

• Proven experience in leading engineering teams and managing customer-facing projects

• Good understanding of different architectures operating systems(Linux/QNX/Microsar) hardware & software security concepts cryptography debugging techniques

• Experience in interfacing with customer and review of customer requirements with a focus on cybersecurity impacts.

• Excellent communication skills to effectively engage with engineering teams customers and stakeholders.