Lead Security Architect

The world is changing in the way we consume products, from ownership to usership, and DigitalRoute is positioned in the centre of the transition. Because, when enterprises pivot to usage-based business models, they often make an unfortunate discovery. Their systems weren’t built to handle the massive data volumes and complexity that usage-based models generate. This causes them to leak revenue and respond too slowly to customer demand. DigitalRoute solves this by creating a real-time usage data layer for enterprises. Our products transform raw usage data into clear information for billing, in real time and at high scale.

We are looking for a passionate security professional to join our company and instrument the transition to a true SaaS organization. We are looking for our lead security architect, who will guide and mentor all architects and development teams on security topics and ensure we continue delivering the most secure products and services. Also, we keep a very open mind – the main criterion for this role is to provide value and continuously improve DR’s security posture on an intense cloud journey.

What you'll do

As Lead Security Architect you will be our main expert in software security topics at DigitalRoute, with two core areas of responsibility

• Ensuring DigitalRoute delivers software and services that are secure and guarantee data privacy without sacrificing usability. You will be working with product architects, developers, and service leaders to architect and build current and future products that are secure by design. (AppSec)
• With our DevOps and SRE teams, you will introduce, integrate and adjust security tools, checks, and tests – all as part of CI/CD, continuously scanning code for issues and vulnerabilities. (DevSecOps)

AppSec track:

• Experience in building and running cloud-native products, forklifting, and refactoring on-prem products for SaaS (K8S, microservices, AWS/Azure/GCP).
• Hands-on development or scripting experience (i.e. Java, JavaScript, bash), being able to read and understand the code flows and secure the product.
• Knowledge and know-how in threat modeling, security design, code review, security testing, SSDLC.
• Ability to coach and share security best practices with our dev teams.
• Opinions on how to define and manage CVE management policies with our dev teams.

DevSecOps track

• Experience working with SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and SCA (Software Composition Analysis) tools.
• Understanding how to make the tools an integral part of the development lifecycle and ensuring a quick feedback loop for all findings.
• Knowledge of modern build and delivery systems and tools for both on-prem and cloud (I.e. Jenkins, ArgoCD, GitHub Actions, helm, Terraform

Further, we believe you to have experience in at least one of the following security tracks. We acknowledge that both tracks are hard to master at the same time – if you feel you fit at least one of them well and are interested in other ones, do not hesitate to apply.

In addition, you will act as a stand-in CISO for DigitalRoute. This means being the public face of security for DigitalRoute, with our customers and auditors.

What you'll bring

• Experience working as a security architect, AppSec development or other security-focused roles.
• Deep understanding of key security concepts – from encryption algorithms to incident response procedures.
• MSc. in Computer Science, or Information Security, or equivalency of education and work experience is desired.
• Structure, persistence, and planning skills including natural aptitude to enthuse and engage people and share knowledge.
• Ability to explain complex concepts in simple terms and talk to various audiences – from developers to executive leadership.
• Be brave to challenge the status quo and able to identify opportunities for improvement, get the teams on board and oversee the execution.
• Lead by example and stay close to teams, problems and solutions. We are hands-on leaders – everyone is an engineer in our product team.

Where you will fit in our organization

• You will be part of our product leadership team, reporting directly to our CTO. Your peers will be lead product architects and heads of engineering and products.
• You will be building, enabling, and energizing a virtual community of security champions within our development teams.
• You will be working very closely with our IT team and our compliance team on our ISO certifications and various compliance efforts.
• You will occasionally have to support our sales teams in key deals that require DigitalRoute to demonstrate our products are architected and built using the industry’ security best practices.
• With a primary focus on security architecture for a global cloud vendor but with exposure to our management team, our customers, and auditors, this position is a great opportunity to expand your horizons and grow your career.