Staff Product Security Architect (Cybersecurity)

TL;DR

Staff Product Security Architect (Cybersecurity): Serving as a strategic security partner for the Core DevOps organization to enable secure-by-default development of the CI/CD platform with an accent on pipeline security and supply chain attack prevention. Focus on identifying systemic security risks, designing preventive architectural solutions, and coordinating comprehensive security reviews across the SDLC.

Location: Remote (Global)

Salary: $140,000 – $260,000 (for US residents)

Company

hirify.global is an open-core software company that develops a comprehensive DevOps platform used by over 100,000 organizations to enable collaborative software creation.

What you will do

• Act as the dedicated security architect and strategic partner for Core DevOps functional leadership.
• Lead security architecture and design for strategic initiatives, providing proactive guidance to cross-functional teams.
• Identify, assess, and drive the reduction of systemic security risks in CI/CD pipelines and source code management.
• Conduct security architecture reviews for large strategic projects across Plan, Create, Verify, and Package stages.
• Develop and communicate security standards and patterns specific to CI/CD security.
• Collaborate with Application Security engineers to ensure comprehensive security review coverage.

Requirements

• Deep expertise in CI/CD pipeline security, including runner isolation, secrets management, and supply chain attack prevention.
• Strong understanding of source code management security, merge request workflows, and access control patterns.
• Proven experience securing DevOps toolchains and identifying systemic risks in continuous integration systems.
• Strong background in application security, including authentication, authorization, and multi-tenant isolation.
• Ability to influence technical direction through collaboration with engineering leadership.
• Experience translating complex security concepts into actionable recommendations for technical audiences.

Nice to have

• Experience with container registry and package management security.
• Knowledge of cryptographic systems, key management, and the SLSA framework.
• Expertise in GraphQL security or AI-augmented development workflows.
• Familiarity with government security requirements (FedRAMP, NIST 800-171) or standards (ISO 27001, SOC 2, PCI-DSS).
• Experience quantifying risk using security metrics or Key Risk Indicators.

Culture & Benefits

• Remote-first environment with a high-performance culture driven by transparency.
• Integration of AI as a core productivity multiplier in daily workflows.
• Continuous knowledge exchange and opportunities to collaborate with industry leaders.
• Inclusive workplace that values every voice and promotes equal opportunity.