Sr Principal Product Security Architect

As a technical leader of Product Security architecture for Dematic you will be critical to the advancement of security throughout the company, enabling the success and growth of the business in an environment of increasing demands for comprehensive and robust product security. Under the Vice President of Global Product Security, you will provide strategic and expertly informed technical security guidance to the product development, execution, sales, and support organizations across Dematic. You will be assist in defining and implementing a broad and detailed technical strategy for security that encompasses all Dematic products, including next-gen software solutions, existing software solutions, and operational technology solutions. You will play a crucial role in ensuring the development of truly secure products and the operation of those products in a robustly secure environment by providing best-in-class architectural guidance and vision, while passionately pursuing personal and organizational excellence in the field of security. You will collaborate with technology leadership and engineering teams to both define and implement the vision and strategy of the Product Security organization. You will inspire, guide, and support our development, execution, and customer-facing teams as they continuously progress toward greater maturity with respect to security knowledge and practice. You will be relied upon as an essential resource to proactively and efficiently defend our systems and data from attack, while ensuring that the security of our products meets and exceeds all relevant regulatory requirements. As an invaluable member of a highly collaborative organization that is dedicated to serving with the utmost in excellence and integrity, you will be ever growing in technical expertise and the skills necessary to equip our team to protect our organization, our customers, and our communities.We offer:

• Career Development
• Competitive Compensation and Benefits
• Pay Transparency
• Global Opportunities

Learn More Here: https://www.dematic.com/en-us/about/careers/what-we-offer

Dematic provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

The base pay range for this role is estimated to be $131,250 - $201,250 at the time of posting. Final compensation will be determined by various factors such as work location, education, experience, knowledge, and skills.

Tasks and Qualifications:

What you will do in this role:

• Provide strategic and expertly informed technical security guidance to globally distributed product development, execution, sales, and support organizations across Dematic.
• Contribute to technical security strategy that encompasses all Dematic products, including next-gen software solutions, existing software solutions, and operational technology solutions.
• Collaborate with leadership to both define and implement the vision and strategy of the Product Security organization.
• Drive advancement of technical and operational capabilities necessary to implement a robust product security strategy – one that is worthy of the trust placed in us by our customers and business partners.
• Provide guidance and leadership for all efforts to build security into every aspect of Dematic’s product development lifecycle, for both software and operational technology.
• Perform technical security risk assessments of internally developed as well as third-party products and systems.
• Advise and educate development teams with respect to application, cloud, and product security best practices, security automation, and the proper use of third-party security products and services.
• Build and maintain high-trust, highly collaborative relationships with teams and individuals in product development, product management, corporate security and compliance, and across the organization in general.
• Mentor application, infrastructure, and operational technology security engineers, as well as security champions globally distributed throughout the company.
• Provide guidance in response to product security incidents.
• Continuously learn, keep abreast of, and evaluate industry trends/direction and technical developments in the product and cloud security domains, and deeply engage with industry leaders to inform and direct Dematic security technology strategy.
• Perform research into and present on relevant security technology, practices, and threats.
• Work closely with a team of security staff, in conjunction with product development, to ensure company products and services withstand all foreseen and reasonable attacks.
• Engage with product management, customer sales/support, and other functions as needed to further business development from a security perspective.
• Potentially engage with customers directly as required by project leadership.

​

​What we are looking for:

• 10+ years hands-on experience in modern engineering environments, including at least 5 years as a hardware/software engineer and 5+ years in a security engineer/architect role.
• Extensive experience working in software development, enterprise architecture, and security engineering in public cloud environments, including GCP, AWS, and/or Azure.
• Strong development skills (both backend and frontend) in multiple languages, platforms, and frameworks, including Java, Python, C, C++, C#, JavaScript, TypeScript, Node, React, and Golang.
• Deep knowledge of Operation Technology security and the associated regulatory frameworks.
• Extensive experience with AppSec, OT security, and cloud security principles, patterns, and techniques, along with the ability to apply this knowledge to analyze complex software and hardware systems, architectures, and code to uncover weaknesses and vulnerabilities.
• Deep understanding of public cloud security models, best practices, and compliance frameworks / regulations.
• Expert understanding of the application of efficient zero trust security models to meet security and compliance requirements while providing the flexibility needed to enable the business to flourish.
• Expert threat modeling skills.
• Significant experience in infrastructure as code, compliance as code, container-based / Kubernetes deployments, serverless architectures, and DevSecOps continuous deployment environments.
• Proficiency in applied cryptography, including the full spectrum of methods, algorithms, uses, and patterns.
• Experience successfully mentoring and leading technical staff and small teams.
• Proven ability to successfully lead in the face of complex risk environments.
• Preference for and ability to thrive in highly collaborative work environments.
• Passionate and quick learner.
• Dedicated, highly motivated, energetic and relentless pursuer of quality and successful outcomes that benefit the broader team, organization, and community.
• Open and direct communicator.
• Outstanding written and spoken communication skills, including public speaking and communicating before engineering, business, and executive leadership.
• Experience presenting persuasive arguments and complex information before technical and non-technical leadership.
• Experience giving industry conference presentations a significant plus.
• Bachelor’s degree in computer science or other STEM discipline is required, however, equivalent experience may be substituted.
• Graduate degree is a plus.
• Technical security certifications (such as GIAC certifications or Offensive Security certifications) are highly desirable, especially in ICS, application security, and cloud security.