Product Security Architect

Stellar Consulting Solutions is a boutique business & technology consulting company headquartered in Atlanta, GA. We deliver high quality, agile, and experienced workforce for niche technology projects of any scale. We help forward thinking clients to solve specific problems by understanding their needs and align talent that can move fluidly to match skill supply and demand on a real-time basis. Stellar Consulting has a unique combination of technical and digital skills to recruit, engage, and retain qualified talent. We have a stellar reputation for striving to achieve high ethical standards. Our use of Innovative techniques and industry best practices has made us one of the fastest growing boutique firms delivering to enterprise business. Responsibilities:

• Advise on the secure design of product and application architecture.
• Perform Threat Modelling, assess and document product risks and/or application designs.
• Work with product teams and shared services to determine appropriate scanning cadence based on risk.
• Develop and maintain checklists and working aides for secure development.
• Design solution blueprints that meet the security needs of the system.
• Approve security guidance and training materials provided to development teams.
• Provides input to security risk impact assessment.
• Approve architecture change proposals from a security perspective.
• Conduct Third party/Alliances assessments.
• Be a key advisor to the overall strategy and roadmap of the Product Security Program.
• Be a part of the Product Security Incident Response Team (PSIRT) at SailPoint.

• Bachelor's degree with 12+ years of experience/Master's degree with 8+ years of experience in IT Security
• 6-8 years of Technical Product Security related experience around Threat Modeling and Attack Surface Analysis.
• Proven track record of solving complex Product Security issues and protecting products using a risk-based approach.
• Extensive knowledge of the current Product Security threat landscape and industry best practices.
• Extensive experience of performing Threat Modeling and Product Security design reviews and incorporating them as part of SSDLC processes.
• Experience with compliance/certification frameworks such as ISO27001, SOC2, FedRAMP, SOX, GDPR from a Product Security standpoint.
• Experience working in Agile development with experience in the following technologies:
  • Containers (Docker, Kubernetes, or similar)
  • Infrastructure as code (Vagrant, Docker, Ansible, Chef, Terraform, or similar)
  • Continuous integration (Jenkins, Bamboo, Hudson, or similar.)
  • Integration of Security testing tools into pipeline
  • Defect tracking (Jira, Bugzilla, ServiceNow, or similar.)
  • Source code management (GitLab, GitHub, BitBucket, or similar.)
  • QA Testing tools (nUnit, jUnit, Selenium, Cucumber, or similar.)
  • Application security testing tools (SAST, DAST, IAST, SCA, or similar.)
  • Various nix distributions
  • Cloud environment (AWS, Azure, or similar)
• Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.
• Minimal travel (< 10%) to Austin,TX
• Certification such as CISSP, CISSP-ISSAP, CSSLP, OSCP, GSEC