RESPONSIBILITIES:
- Design and document secure, scalable architectures across cloud, application, endpoint, and SaaS environments to support growth and innovation
- Lead the implementation and continuous improvement of security capabilities across areas such as threat detection, identity and access management, data protection, and vulnerability management
- Drive secure deployment practices through automation, documentation, and process standardization
- Lead security architecture and control design for WHOOP AI initiatives, including the secure use of third-party AI APIs, protection of sensitive data in AI-powered product features, governance of in-house models and MCP infrastructure, and responsible use of AI capabilities across internal and SaaS platforms
- Partner with Engineering, Product Security, and IT to review new systems and features, advise on tradeoffs, and deliver secure-by-default outcomes
- Serve as a trusted technical leader and mentor across the security and engineering organization
- Drive the architecture and evolution of vulnerability management capabilities, ensuring integration with development pipelines, infrastructure, and program-level visibility
- Align architectural decisions with applicable regulatory requirements and security standards, including GDPR, SOC 2, ISO 27001, PCI, NIST, laws governing health and biometric data, and emerging AI risk and governance frameworks
- Help integrate frameworks like NIST into secure development and operational practices
- Define technical success criteria and partner on security metrics and dashboards that drive accountability and visibility across the organization
QUALIFICATIONS:
- 7–10 years of experience in security architecture, security engineering, or technical security leadership roles supporting complex, distributed systems
- Certifications such as AWS Security Specialty, CCSK, OSCP, or CISSP are strongly valued, but not required
- Demonstrated expertise in cloud security, particularly in AWS environments and modern cloud-native architectures
- Ability to operate across technical depths, from threat modeling and system design to secure implementation guidance and risk tradeoff discussions
- Proven success collaborating with Engineering, Product, and Infrastructure teams to drive secure outcomes in fast-paced, product-led environments
- Direct experience with AI/ML security and governance, including secure implementation of third-party AI services, protection of sensitive data across internal models and AI-powered features, and support for policy development, auditability, and control across enterprise and SaaS AI tools, including MCP infrastructure, model access, and responsible use
- Experience aligning security programs and architecture with industry frameworks and compliance obligations such as GDPR, SOC 2, ISO 27001, PCI, and NIST
- Strong written and verbal communication skills, with a focus on documentation, stakeholder alignment, and clarity under pressure, and the emotional intelligence to collaborate without ego
- High degree of ownership, autonomy, and a proactive, solution-oriented mindset
- Passion for mentorship, process maturity, operational rigor, and helping security functions scale through automation and shared accountability
What We Do
At WHOOP, we’re on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives. Our wearable device and performance optimization platform has been adopted by many of the world's greatest athletes and consumers alike.
Why Work With Us
At WHOOP, we’re focused on building an inclusive and equitable team with a strong sense of belonging for everyone—increasing representation in every way as our team grows. We believe that our differences are our source of strength—so much so it’s one of our core values.
WHOOP Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.