Role Overview
As a Security Architect at HBK, you will lead security architecture initiatives across our diverse product portfolio, including web, desktop, SaaS, cloud, embedded, and firmware solutions. You will act as a trusted advisor and hands-on expert, ensuring secure-by-design principles are embedded throughout the product lifecycle. This role requires deep technical expertise in security concepts, threat modelling, risk assessment, and modern development practices.
Key Responsibilities
Consult and Assist: Guide multiple product teams in creating risk analyses (e.g., TARA) and performing Threat Modelling using STRIDE or Product relevant methods
Enable Secure Design: Guide and mentor teams on secure software architecture principles and best practices.
Process Integration: Adapt software development processes to leverage modern security tools (e.g., Static Code Analysis, Fuzzing, Security Testing Frameworks).
Drive Security Decisions: Influence project decisions to implement robust security measures across products.
Code & Config Review: Actively review source code and configurations for vulnerabilities; train teams to prevent recurring issues.
Hardware Security: Provide guidance on hardware security measures and Secure Hardware Modules (SHM).
Cryptography: Ensure correct application of basic cryptographic techniques for data protection.
Compliance Alignment: Support adherence to relevant standards such as ISO 21434 (Automotive), IEC 62443 (Industrial), NIST SP 800 , EU CRA and ISO 27001.
Guide product teams in implementing security controls required to achieve EU CRA compliance
Qualifications
Education:
Bachelor’s or Master’s degree in computer sciences, Cyber Security or some other engineering degree.
Required Experience and Skills
Proven experience in security architecture across multiple product types (web, desktop, SaaS, cloud, embedded, firmware).
Deep technical understanding of security concepts (IAM, Secure Access, Secure Boot,Secure On board communication Encryption, Secure Coding Practices etc).
Hands-on experience in Threat Modelling (STRIDE), Risk Analysis (TARA), Vulnerability hunting and source code reviews.
Familiarity with one or more recognised security standards and regulations, such as EU CRA (Cyber Resilience Act), CSMS, UNECE R156/R157, ISO 21434 (Automotive), IEC 62443 (Industrial Control Systems), ISO 27001, and NIST SP 800 series
Strong background in modern software development (C++, Java) on Linux/Android.
Understanding of cryptographic fundamentals and secure hardware concepts.
Strong expertise in both System and SW Engineering
Expert in Requirement Engineering and requirement based development
Proven experience in leading engineering teams and managing customer-facing projects
Good understanding of different architectures, operating systems(Linux/QNX/Microsar), hardware & software security concepts, cryptography, debugging techniques
Experience in interfacing with customer and review of customer requirements with a focus on cybersecurity impacts.
Excellent communication skills to effectively engage with engineering teams, customers, and stakeholders.
…