Lead Security Architect

Job Description

The world is changing in the way we consume products, from ownership to usership, and DigitalRoute is positioned in the centre of the transition. Because, when enterprises pivot to usage-based business models, they often make an unfortunate discovery. Their systems weren’t built to handle the massive data volumes and complexity that usage-based models generate. This causes them to leak revenue and respond too slowly to customer demand. DigitalRoute solves this by creating a real-time usage data layer for enterprises. Our products transform raw usage data into clear information for billing, in real time and at high scale.

We are looking for passionate security professionals to join our company and instrument the transition to a true SaaS organization. We are looking for our lead security architect, someone who will guide and mentor all architects and development teams on security topics and ensure we continue to deliver the most secure products and services. Also, we keep a very open mind – the main criterion for this role is to deliver value and continuously improve DR’s security posture on an intense cloud journey.

What you'll do
As Lead Security Architect you will be our main expert in software security topics at DigitalRoute, with two core areas of responsibility

• Ensuring DigitalRoute delivers software and services that are secure and guarantee data privacy without sacrificing usability. You will be working with product architects, developers, and service leaders to architect and build current and future products that are secure by design. (AppSec)
• With our DevOps and SRE teams, you will introduce, integrate and adjust security tools, checks, and tests – all as part of CI/CD, continuously scanning code for issues and vulnerabilities. (DevSecOps)
  You do not have to be equally skilled in both areas – the most
  important requirement is to be curious and willing to learn and
  master these domains

What you'll bring

• Experience working as a security architect, AppSec development, or other security-focused roles.
• Deep understanding of key security concepts – from encryption algorithms to incident response
  procedures.
• MSc. in Computer Science, or Information Security, or equivalency of education and work experience is desired.
• Structure, persistence, planning skills including a natural aptitude to enthuse and engage people and share knowledge.
• Ability to explain complex concepts in simple terms and talk to various audiences – from developers to executive leadership.
• Be brave to challenge the status quo and be able to identify opportunities for improvement, get the teams on board and oversee the execution.
• Lead by example and stay close to teams, problems and solutions. We are hands-on leaders – everyone is an engineer in our product team.
  

AppSec track:

• Experience in building and running cloud-native products, forklifting, and refactoring on-prem products for SaaS (Kubernetes, Microservices, AWS/Azure/GCP).
• Hands-on development or scripting experience (i.e. Java, JavaScript, bash), being able to read and understand the code flows and secure the product.
• Knowledge and know-how in threat modeling, security design, code review, security testing, SSDLC.

DevSecOps track:

• Experience working with SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and SCA (Software Composition Analysis) tools.
• Understanding how to make the tools an integral part of the development lifecycle and ensure a quick feedback loop for all findings.
• Knowledge of modern build and delivery systems and tools for both on-prem and cloud (I.e. Jenkins, ArgoCD, Github Actions, helm, Terraform)

Where you will fit in our organization:

• You will be part of our product leadership team, reporting directly to our CTO. Your peers will be lead product architects and heads of engineering.
• You will be building, enabling, and energizing a virtual community of security champions within our development teams.
• You will be working very closely with our CISO, IT team, and compliance team on our ISO certifications and various compliance efforts.
• You will occasionally have to support our sales teams in key deals that require DigitalRoute to demonstrate our products are architected and built using industry’ security best practices.

Further, we believe you to have experience in at least one of the following security tracks. We acknowledge that both tracks are hard to master at the same time – if you feel you fit at least one of them well and are interested in other ones, do not hesitate to apply.