Security Solutions Architect

This position is open exclusively for Ukrainian residents within Ukraine (preferably Kyiv or Lviv).

 

We are looking for a Security Solutions Architect to join our Security Engineering team and work with us on building secure software and solutions for our customers. If you are interested in designing and building security solutions that address complex risks and threats, reviewing and implementing API protocols and subsystems, designing security controls, working hand-in-hand with software developers to build secure systems — this may be the position for you.

 

Main responsibilities:

  • Architect security features, modules and protocols in mission-critical software, ensuring alignment with business objectives, functional and non-functional requirements.
  • Assess and evaluate the security design of systems, components and their API.
  • Search for security weaknesses in software designs from novel fields and areas.
  • Perform risk analysis and threat modelling to evaluate available and missing security controls.
  • Collaborate with stakeholders, including developers, product managers, and executives, to gather requirements and translate them into security architecture.
  • Participate in SSDLC for our products and our customers’ products. Explain architecture choices, work together with developers to select security controls that would improve security without restricting usability/performance.
  • Stay up to date with emerging security threats, vulnerabilities, and controls (read articles and papers, follow CVE updates, understand how the threat landscape is changing, understand how to apply described ideas, read NIST guidelines).
  • Dive into application security, infrastructure security, cloud and on-prem infrastructures, dedicated hardware, IoT security, ML security, and weird stuff beyond casual imagination with our team of skilled engineers. See an example of our work.
  • Share your work as conference talks and blog posts (see the React Native security example), and contribute to open-source standards like OWASP.

 

Requirements:

  • 2+ years as Solution Architect or similar position.
  • Experience designing and implementing security controls in a technically diverse environment.
  • Experience in performing design review for multi-component systems (web, cloud, hardware).
  • Understanding security standards and methodologies (NIST, ISO, CMMI, SOC).
  • Understanding SSDLC and its difficulties. OWASP SSDLC, NIST SSDF.
  • Communication skills: you will communicate about security technical topics with both technical and non-technical audiences (C-level managers, developers, product owners).
  • An overall understanding of what information security is, how real-world risks and threats affect the choice of security controls, and how to combine detective, preventive and corrective controls.
  • Experience in popular security tools required for the job, or ability to learn them quickly.
  • English level B2+.

 

Nice to have:

  • Understanding risk management and threat modelling (NIST RMF, FAIR, STRIDE, MITRE ATT&CK).
  • Understanding of application security verification and software maturity frameworks: OWASP SAMM, OWASP ASVS, OWASP MASVS.
  • A certain area of expertise and deep interest: web, cloud, IoT, infrastructure — an area where you have “seen things” and are ready to share your experience.
  • Experience with clouds: AWS, Azure, GCP, understanding the “cloud responsibility gap”.
  • Basic knowledge in cryptography: understanding the differences between symmetric and asymmetric cryptography, hashing, KDF.
  • Knowledge in one of several business domains: banking / finance / payment processing, cryptocurrencies.
  • Practical experience in any programming language.

 

Hiring process:

  • Resume review — up to 5 business days.
  • Introductory meeting with the Head of security engineering.
  • Test task — estimated time 1-3 hours.
  • Technical interview with several team members.
  • Offer discussion.

 

What’s in it for you?

  • Competitive compensation with a flexible and clear bonus scheme.
  • Paid vacation — 21 business days per calendar year.
  • Paid sick leave.
  • Hybrid work model: this position allows for a combination of in-office and remote work as needed.
  • Combining technologies: hardware engineering, software engineering, cryptography, information security.
  • You will work with people deeply interested in security engineering, and you will learn a lot.
  • Reasonable time budgets and an attitude to build things well — we prioritise building for decades, rather than just until the next release.
  • Conferences, books, courses — we encourage learning and sharing with the community. Our team members share a lot in talks, workshops, and blog posts.
  • Public track record in the open-source aspect of our products.

Required languages

English B2 - Upper Intermediate
Ukrainian Native
Published 4 September · Updated 7 November