What are the responsibilities and job description for the Principal Product Security Architect & Engagement Lead position at Jobs via Dice?
Dice is the leading career destination for tech experts at every stage of their careers. Our client, Digital Dhara LLC, is seeking the following. Apply via Dice today!
Role Summary
Lead and govern the end-to-end product lifecycle cybersecurity assessment engagement for the customer product, including CRA-aligned security evaluation, architecture assessment, threat modeling, technical oversight, evidence traceability, and executive reporting. Serve as the primary customer interface and ensure all assessment activities are executed in compliance with export-control requirements.
Key Responsibilities
Mandatory:
Role Summary
Lead and govern the end-to-end product lifecycle cybersecurity assessment engagement for the customer product, including CRA-aligned security evaluation, architecture assessment, threat modeling, technical oversight, evidence traceability, and executive reporting. Serve as the primary customer interface and ensure all assessment activities are executed in compliance with export-control requirements.
Key Responsibilities
- Lead overall engagement delivery, governance, and customer coordination
- Conduct product security architecture assessments and threat modeling activities
- Perform trust boundary analysis and review data flows across product components and external integrations
- Oversee CRA-aligned assessment methodology, compliance traceability, and lifecycle security evaluation
- Evaluate operational resilience, recovery considerations, and lifecycle security controls across deployed product environments
- Review secure-by-design implementation and product security governance practices
- Guide technical testing activities and validate risk prioritization and exploitability context
- Review security findings and ensure consistency across technical and compliance outputs
- Lead executive reporting, release readiness assessment, and remediation discussions
- Ensure evidence collection and assessment outputs align to CRA requirements
- Review lifecycle security considerations including secure decommissioning and data disposal practices
- Enforce export-control compliant handling of personnel, systems, and data
- Provide final quality assurance and assessment signoff oversight
Mandatory:
- Strong experience in product cybersecurity and secure-by-design principles
- Expertise in threat modelling, architecture review, and trust boundary analysis
- Strong understanding of product lifecycle security and operational resilience concepts
- Familiarity with secure SDLC, SBOM governance, and vulnerability management practices
- Strong executive communication and stakeholder management capability
- Experience across both offensive security and security architecture domains
- Experience leading CRA, regulated product security, or compliance-driven cybersecurity assessments
- Experience leading engagement in export-controlled environments
- CISSP, CSSLP, SABSA / TOGAF (preferred)
- FedRAMP or regulated environment experience preferred
- 7-10 years in product application security
- 5 years in complex customer assessment and regulatory assessment engagements