Security Architect

Overview Job Title : - Security Architect. Product Security Location, Bangalore, India Role Summary Aptean is hiring a Security Architect for Product Security to strengthen secure-by-design engineering across its global product portfolio. This role sits within the CISO organisation and operates as a direct partner to R & D, product engineering, and platform teams. You will embed security into architecture and engineering decisions from the earliest stages of design. The focus is prevention. The role exists to reduce security risk before code reaches production. You will influence how products are designed, built, and delivered across a multi-product SaaS environment. You will work upstream with architects and engineers, not downstream as a testing or assurance function. This role requires strong engineering credibility, architectural depth, and the ability to translate security risk into clear engineering outcomes. Key Responsibilities Secure Architecture and Design Authority Define and maintain product security architecture standards across all Aptean platforms Establish reusable secure reference architectures and approved design patterns Review solution and platform designs and provide direct, actionable guidance to engineering teams Participate as a standing member of architecture review boards Ensure security requirements are addressed before design approval and development start You own security outcomes at the architecture layer. Your input shapes how systems are built, not how findings are reported later. Threat Modeling and Risk Driven Engineering Lead structured threat modeling using STRIDE or equivalent frameworks Identify trust boundaries, attack paths, and abuse scenarios at design time Translate identified risks into concrete architecture and engineering controls Ensure mitigations are designed into solutions before implementation Drive consistent threat modeling adoption across product teams Threat modeling is a required engineering activity, not an optional exercise. You ensure teams treat it as such. Shift Left and Secure SDLC Enablement Define and operationalize secure SDLC standards across engineering teams Embed security controls directly into CI CD pipelines and developer workflows Define security gates, release criteria, and policy enforcement points Standardize integration of SAST, SCA, and IaC security tooling Ensure security requirements align with engineering delivery velocity Security starts with design and continues through build pipelines. You design the system that makes this work at scale. Developer and Architect Enablement Educate engineers and architects on secure design and coding practices Build practical security playbooks aligned to real engineering workflows Establish and scale a security champion model across product teams Facilitate secure design workshops and architecture reviews Operate as a trusted advisor to engineering leadership Your credibility with engineers matters. Your guidance must be practical, clear, and grounded in how teams build software. Security Automation and AI Integration Drive adoption of AI assisted secure development practices Enable automation across code analysis, dependency management, and infrastructure validation Define guardrails for AI driven development and prompt based coding Ensure automated outputs meet defined security and architecture standards DevSecOps Strategy and Platform Integration Define the enterprise DevSecOps architecture and maturity roadmap Build reusable CI CD templates with embedded security controls Partner with platform engineering to embed security into shared pipelines Enable policy as code and infrastructure as code security standards Ensure consistent enforcement across all product lines Product Security Governance Define baseline product security requirements Align practices with OWASP, NIST SSDF, and secure by design principles Establish measurable KPIs tied to engineering outcomes Drive consistency across diverse product architectures Cross Functional Leadership Partner closely with R and D, product management, and platform teams Represent security in engineering and architecture forums Influence roadmap decisions using risk based reasoning Communicate clearly with technical and non technical stakeholders Scope of Role This role focuses on prevention and engineering enablement. Required Experience 8 to 10 years in application security, product security, or secure software development Strong background as a software engineer Hands on experience with Java, .NET, Python, or similar languages Experience with cloud native and SaaS architectures Proven track record embedding security into SDLC and engineering workflows Technical Skills Security Architecture Secure by design architecture Threat modeling methodologies Identity and access management API and microservices security Encryption and data protection Engineering and DevSecOps CI CD pipeline design and security integration SAST, SCA, and IaC security concepts Container and Kubernetes security Cloud platforms such as AWS, Azure, or GCP Automation and AI Python or similar scripting Security automation design AI assisted development workflows Preferred Qualifications CSSLP or equivalent certification Cloud security certifications Exposure to enterpr`1