Responsibilities
- Lead architectural security evaluations for both new and current systems, pinpointing potential threats and guiding secure design choices.
- Carry out threat modeling for platforms and services, converting identified threats into concrete engineering actions.
- Develop and execute data protection strategies encompassing data classification, encryption (in transit and at rest), and secure key and secrets management.
- Assess application designs and APIs to detect security vulnerabilities and architectural shortcomings.
- Evaluate third-party and vendor security postures to identify and address associated risks.
- Collaborate with engineering groups to resolve security findings and enhance system designs.
- Create and refine secure design patterns and development guidelines for engineering teams.
- Embed security practices into development processes to enable early risk detection and mitigation.
- Assess and strengthen security for AI and machine learning applications, focusing on risks like data exposure and prompt injection.
- Help shape organizational security standards, policies, and recommended practices.
