Product Security Architect

Role Overview

As a Security Architect at HBK, you will lead security architecture initiatives across our diverse product portfolio, including web, desktop, SaaS, cloud, embedded, and firmware solutions. You will act as a trusted advisor and hands-on expert, ensuring secure-by-design principles are embedded throughout the product lifecycle. This role requires deep technical expertise in security concepts, threat modelling, risk assessment, and modern development practices.

Key Responsibilities

  • Consult and Assist: Guide multiple product teams in creating risk analyses (e.g., TARA) and performing Threat Modelling using STRIDE or product-relevant methods.

  • Enable Secure Design: Guide and mentor teams on secure software architecture principles and best practices.

  • Process Integration: Adapt software development processes to leverage modern security tools (e.g., Static Code Analysis, Fuzzing, Security Testing Frameworks).

  • Drive Security Decisions: Influence project decisions to implement robust security measures across products.

  • Code & Config Review: Actively review source code and configurations for vulnerabilities; train teams to prevent recurring issues.

  • Hardware Security: Provide guidance on hardware security measures and Secure Hardware Modules (SHM).

  • Cryptography: Ensure correct application of basic cryptographic techniques for data protection.

  • Compliance Alignment: Support adherence to relevant standards such as ISO 21434 (Automotive), IEC 62443 (Industrial), NIST SP 800, EU CRA and ISO 27001.

  • Guide product teams in implementing security controls required to achieve EU CRA compliance.

Qualifications

Education:

Bachelor's or Master's degree in Computer Science, Cyber Security or another engineering discipline.

Required Experience and Skills

  • Proven experience in security architecture across multiple product types (web, desktop, SaaS, cloud, embedded, firmware).

  • Deep technical understanding of security concepts (IAM, Secure Access, Secure Boot, Secure On-board Communication Encryption, Secure Coding Practices, etc.).

  • Hands-on experience in Threat Modelling (STRIDE), Risk Analysis (TARA), Vulnerability hunting and source code reviews.

  • Familiarity with one or more recognised security standards and regulations, such as EU CRA (Cyber Resilience Act), CSMS, UNECE R156/R157, ISO 21434 (Automotive), IEC 62443 (Industrial Control Systems), ISO 27001, and NIST SP 800 series.

  • Strong background in modern software development (C++, Java) on Linux/Android.

  • Understanding of cryptographic fundamentals and secure hardware concepts.

  • Strong expertise in both System and SW Engineering.

  • Expert in Requirement Engineering and requirement-based development.

  • Proven experience in leading engineering teams and managing customer-facing projects.

  • Good understanding of different architectures, operating systems (Linux/QNX/Microsar), hardware and software security concepts, cryptography, and debugging techniques.

  • Experience in interfacing with customers and reviewing customer requirements with a focus on cybersecurity impacts.

  • Excellent communication skills to effectively engage with engineering teams, customers, and stakeholders.
