Security Architect

Job Description

As a Security Architect at Philips, you are an integral part of a team that works to develop high-quality solutions for various software applications and products. Drive significant business impact through your capabilities and contributions, and apply deep technical expertise and problem-solving methodologies to tackle a diverse array of cybersecurity challenges that span multiple technology domains. The role has a global responsibility in IGT-D and needs to collaborate with all IGT-D stakeholders globally and other Philips cybersecurity departments. You will also be a member of our global architecture team.

Your role:

• Guides the evaluation of current cybersecurity principals, processes, and controls, and leads the evaluation of new technology using existing standards and frameworks
• Regularly provides technical guidance and direction to support the business and its technical teams, contractors, and vendors.
• Works with stakeholders and senior leaders to recommend business modifications during periods of vulnerability
• Serves as function-wide subject matter expert in one or more areas of focus
• Actively contributes to the engineering community as an advocate of firmwide frameworks, tools, and practices of the Software Development Life Cycle
• Influences peers and project decision-makers to consider the use and application of leading-edge technologies
• Adds to team culture of diversity, equity, inclusion, and respect.
• Perform and develop strategic cyber security roadmaps for the products and services.
• Conduct threat modeling and architectural assessments of applications to encompass all aspects of information security, ensuring security by design.
• Document identified threats and provide corresponding mitigation strategies.
• Evaluate technologies and solutions to enhance security capabilities.
• Identify security gaps and communicate associated business risks to relevant stakeholders.
• Provide solutions aligned with business needs, considering security and compliance requirements.
• Verify the effectiveness of security controls in mitigating identified risks.
• Assist engineering projects throughout the Secure Software Development Life Cycle (SSDLC) and collaborate to effectively prioritize product security elements.

You're the right fit if: (4 x bullets max)

• Formal training or certification on Cybersecurity concepts and 10+ years applied experience
• Hands-on practical experience high quality threat models and knowledge of MITRE framework, STRIDE framework and kill chains.
• Proficient in Cryptographic Security Controls (Key Management Systems).
• Strong knowledge of information security principles, security architectures, frameworks, standards, and emerging threats, with the ability to implement effective mitigation strategies.
• Deep understanding of network protocols, operating systems, databases, applied cryptography, least privilege, zero trust principles, identity & access management, and other core information security concepts.
• Familiarity with regulatory requirements and compliance standards (NIST, ISO 27001, GDPR, FDA, HIPPA).
• Expertise in cloud computing and its associated best security practices, covering applications, infrastructure, storage, platforms, and data security.
• Hands-on experience in performing threat modeling for applications, identifying threats, and suggesting optimal mitigation strategies.
• Strong understanding of threat modeling methodologies (e.g., STRIDE, DREAD, PASTA).
• Proficiency in using threat modeling tools (e.g., Microsoft Threat Modeling Tool, Threat Modeler, OWASP Threat Dragon).
• In-depth knowledge of common security vulnerabilities (e.g., OWASP Top Ten, CVEs) and attack vectors.
• Must have experience in architecting and securing Cloud Computing Platforms such as Azure or AWS.
• Architecture & Networking , Identity & Access Management, Securing the CI/CD Pipeline, Secrets and Data Protection, logging and monitoring and Security controls for Containers(e.g., Dockers, Kubernetes).
• Excellent communication and interpersonal skills, with the ability to interact with stakeholders at all levels and explain complex security concepts in an easily understandable manner.
• Good understanding of relevant laws, regulations, and industry standards

How we work together

We believe that we are better together than apart. For our office-based teams, this means working in-person at least 3 days per week.

Onsite roles require full-time presence in the company’s facilities.

Field roles are most effectively done outside of the company’s main facilities, generally at the customers’ or suppliers’ locations.

Indicate if this role is an office/field/onsite role.