Job Summary

The Secure Development Lifecycle (SDL) Architecture Engineer is a key individual contributor within the Global Security Team, reporting into the Secure Development Lifecycle Architecture function. This role partners closely with the SDL Senior Architect (director-level IC) to design, implement, and scale secure-by-design practices across a hybrid cloud environment.

As an SDL Architecture Engineer, you will operationalize security architecture principles into engineering workflows, ensuring that security is embedded throughout the software development lifecycle—from design through deployment. You will collaborate with product engineering, cloud platform teams, DevOps, and application security stakeholders to drive consistent, measurable, and automated security outcomes across multi-cloud and on-prem environments.

This is a highly technical, hands-on role with strategic influence, requiring a blend of security architecture, software engineering, and cloud-native expertise.

Job Requirements

• Partner with SDL Senior Architect to define and evolve the organization’s Secure Development Lifecycle strategy, standards, and reference architectures
• Translate security architecture principles into actionable engineering patterns, guardrails, and reusable frameworks
• Integrate security controls into CI/CD pipelines, developer tooling, and platform engineering workflows
• Design and implement scalable solutions for:
  • Application security (SAST, DAST, SCA, secrets detection)
  • Container and Kubernetes security
  • Infrastructure-as-Code (IaC) security
  • API and microservices security
• Collaborate with engineering teams to embed security requirements into system design, threat modeling, and code development practices
• Drive adoption of “shift-left” security practices and developer-friendly security tooling
• Conduct architecture reviews, threat modeling sessions, and security design consultations
• Develop automation to enforce policy-as-code and continuous compliance across hybrid cloud environments
• Partner with DevOps and platform teams to implement secure-by-default configurations and golden paths
• Measure and report on SDL effectiveness using KPIs and risk-based metrics
• Mentor engineers and champion security best practices across the organization
• Stay current on emerging threats, vulnerabilities, and industry trends to continuously improve SDL capabilities

Qualifications

Minimum Qualifications

• Bachelor’s degree in Computer Science, Information Security, or a related technical field (or equivalent experience)
• 5+ years of experience in application security, cloud security, or secure software engineering
• Hands-on experience with secure development practices and SDL methodologies
• Experience integrating security tools into CI/CD pipelines (e.g., GitHub Actions, Jenkins, GitLab CI)
• Strong understanding of:
  • Secure coding principles and common vulnerabilities (e.g., OWASP Top 10)
  • Cloud platforms (AWS, Azure, or GCP)
  • APIs, microservices, and distributed system architectures

Preferred Qualifications

• Experience working in a hybrid cloud enterprise environment
• Deep expertise in one or more areas:
  • Application security engineering
  • Cloud-native security architecture
  • DevSecOps and platform engineering
• Experience implementing policy-as-code (e.g., OPA, Sentinel)
• Familiarity with zero trust architecture principles
• Experience with threat modeling methodologies (e.g., STRIDE, PASTA)
• Relevant certifications such as:
  • CISSP
  • CSSLP
  • AWS/Azure Security Specialty
  • GIAC certifications
• Experience building developer enablement programs or security champions initiatives