
Security Architect
- Hybrid
- De Lier, Zuid-Holland, Netherlands
- Tech & Data
Job description
Are you a security specialist in the OT space looking to expand your expertise into cloud solutions? Are you a cloud security champion passionate about bringing your expertise into the OT/IoT space? At Priva Product Development Organisation we are looking for a Security Architect who will shape the security of our products.
Security Architect in Priva Product Development – Why this role matters
At Priva, we develop hardware products and software services for horticulture and building automation. Seeing the importance of our products for our customers, we recognize the need to continuously keep these secure in the ever evolving, fast-paced world. The security requirements in our landscape span four different areas:
Physical/embedded device security.
OT (operational technology) network security.
OT network to Priva-hosted cloud services communications.
Priva's hybrid on-prem/multi-cloud platform applications security, including applications, infrastructure, CI/CD pipelines.
What makes this role truly unique is that our products contain long-lived hardware components that our customers run for years. Engineering future-proofed security solutions and maintaining a security posture at existing sites across all these areas, with a wide range of varying implementations and security needs, is a great challenge and great fun.
As part of the architecture team, you will play a key role in shaping the future of Priva's portfolio offered on the global market. You define security standards, security practices and security designs for our products that are used in tens of thousands of buildings and greenhouses. You work across product, engineering, and operations teams to ensure security controls are adhered to, implemented and tested as you have designed them. That’s real impact.
What you will be doing
As a Security Architect, you have a very simple mission: you see to it that Priva's hardware products and software (cloud) services are secured against known and emergent threats in line with industry standards and practices. You build upon your strong background in securing device/OT networks and cloud applications, and in ingraining security practices in the daily work of Agile teams, to achieve a consistent security posture across all Priva products, designs, and customer deployments.
As a security architect, you are the trusted counterpart of Priva's Security, Quality, and Compliance officer to define, review, and execute controls arising from ISO9001 and ISO27001 standards and internal initiatives. You are responsible for presenting the necessary evidence of Priva’s compliance with these controls to the auditors.
Security standards, policies, and design patterns library
Security architecture review process
Risk register and residual risk acceptance documentation
Periodic product security implementation reviews, including maintaining non-compliance register
Defined requirements, products and work packages for security-focused projects with 3rd party service providers, reviewing and accepting their deliverables, and supervising the implementation of these deliverables in the Priva hardware products and software services.
Regulatory compliance (IEC 62443, ISO 27001, ISO 9001 or other standard that may be applicable in specific geographies)
Threat intelligence briefing relevant to OT/IoT threat landscape
Designing, implementing, and reviewing security controls applied at major customer sites.
Above all, this is a hands-on role – occasionally writing code is included. You connect the industry’s best practices, ISO standards, product vision with the daily work of the product team. As a security architect, you practice what you preach. You explain, coach, and show by example the implementation of security as Secure SDLC in the developer’s daily work.
To succeed in this role:
You are passionate about OT security; you have a great interest in the application of our products in the field. You are curious to grasp how our products truly work for our customers to find the best balance between security, reliability, and cost. You share the opinion that "if I don't secure Priva’s applications, then no one else will".
You identify and eliminate issues in the development cycle that can jeopardize the security posture. You know and can show by example how to "test securely as well as test security".
You are a great collaborator who can be a valuable sparring partner for product managers to understand and refine customers' needs for security so that you define the right security designs for market segments. Engineering managers rely on your ability to steer security implementations within the product teams.
You are comfortable designing products that our customers will be running for years; comfortable providing guidance to LCM activities for existing customers to update hardware and software components to continuously stay secure.
You share the knowledge about security subjects; you explain why security practices exist and what they achieve in the long run.
You can translate security designs into engineering specifications, appraise implementation designs, and conduct code reviews. This is a role with a strong hands-on component, not just a pure governance role.
You understand and can register, document, and clearly communicate risks and trade-offs between different project execution scenarios.
You have had hands-on experience implementing security designs using modern programming languages and frameworks, and you are able to coach product teams to increase their secure coding maturity, e.g. by running threat modelling workshops with the engineering team.
You have vast experience with architecture roles with 3-5 years of experience specifically focusing on security.
In addition, you have the following technical expertise:
Proven track record across at least two of the three domains: OT/IoT/embedded security, network security, cloud security
You are familiar with modern authentication and authorization frameworks (JWT, OpenID, SAML) and (REST) API security and protection approaches
ISO 27001 and IEC 62443 understanding at a working level
Working knowledge of, or excellent ability to apply, PKI and certificate lifecycle management at scale, along with a vision of how to implement this in OT/IoT deployment contexts
Solid network security understanding: firewall policy, micro-segmentation, DMZ design for IT/OT boundaries
Zero trust architecture principles
Secure SDLC and DevSecOps tools and practices (think about OWASP, SANS25, Snyk, Black Duck, etc)
Job requirements
The following competence is desired:
OT/ICS protocols and architectures (such as BACnet Secure Connect, Modbus, DNP3, MQTT, AMQP)
Embedded device security for industrial PCs, systems-on-chip, and microcontrollers: secure boot, hardware security modules (HSMs), TPM, secure enclave concepts, firmware & data signing, encryption
Cloud security on at least one major platform (AWS, Azure, or GCP)
Container and Kubernetes security
Secrets management and key management systems (HashiCorp Vault, AWS KMS, Azure Key Vault)
Priva's technical stack is C#/C++/.NET and Angular. Experience implementing production projects with this stack is preferred, but not required if you are able to learn it quickly (based on your vast experience)
What we offer you
💶 Excellent remuneration — competitive and aligned with experience.
🌴 30 days holiday per year, with the option to buy 5 more at half price.
🏦 Excellent pension contribution.
🎓 Education budget of €1,000 per year.
⏰ Flexible working hours.
🍱 Onsite canteen (e.g., poke bowl for €2).
🏋️ Free onsite gym.
🎉 Vibrant, open culture.
