Overview
We are seeking a highly technical and hands-on
Security Guardian – Product Security
,
Vice President
to serve as a strategic security guardian to engineering, platform, and business teams.
This role sits in the first line of defense and is responsible for proactively reducing technical security risk through deep engagement with product teams, rigorous architecture and application reviews, and the design and validation of embedded security controls across cloud and distributed environments.
The ideal candidate is an
experienced security architect and practitioner
who thrives working directly with engineers, thinks like an attacker, and can translate complex security principles into actionable engineering decisions.
This person brings strong expertise across multiple advanced security domains and operates as both a technical advisor and a strategic influencer.
What You Will Be Responsible For
Conduct hands-on security assessments at the application, platform, and system levels using threat modeling, architecture review, and vulnerability analysis to identify design flaws, cloud misconfigurations, insecure dependencies, and agent or API abuse scenarios.
Design and recommend concrete security controls that are embedded directly into system and application architectures, including secure identity and access design, cryptographic protections, network isolation, runtime enforcement, and secure defaults across cloud and distributed environments.
Own and actively drive down technical security risk by continuously engaging with engineering and platform teams, validating that security controls are correctly implemented, effective in production, and aligned with real-world threat models rather than static risk registers.
Partner closely with engineering teams as an embedded product security expert, influencing design decisions early, reviewing architecture and code paths, and helping teams build secure systems by default rather than retrofitting controls.
Provide technically grounded security guidance to senior leadership, translating complex security tradeoffs into clear engineering decisions and recommending concrete mitigation strategies based on architecture, cloud primitives, cryptographic design, and secure software delivery practices.
Demonstrate deep, hands-on expertise in at least three advanced security domains, such as product security, multi-cloud security, threat modeling, secure architecture and design, Agentic AI security, blockchain and cryptographic systems, and software supply-chain security.
Bring strong technical depth across network security, product and platform security, data protection and cryptography, and offensive security techniques, using attacker-mindset analysis to proactively identify and remediate weaknesses before exploitation.
Operate effectively within agile engineering environments, embedding security into iterative delivery through DevSecOps and Shift-Left principles, automated security testing, secure CI/CD pipelines, and rapid, evidence-based decision-making.
Demonstrate strong written and oral communication skills, effectively engaging with engineers, architects, and platform teams on deep technical security topics while clearly articulating security risks, design tradeoffs, and remediation strategies to business and executive stakeholders in a concise, actionable manner.
What We Value
These skills will help you succeed in this role
Strong analytical and problem-solving skills, excellent communication (written and verbal) and advisory skills, attention to detail, ability to work independently and in teams, adaptability, and ethical judgment.
Demonstrate strategic and tactical thinking, along with decision-making skills and business acumen.
Be organized, reliable and have a strong bias for action.
Education & Preferred Qualifications
At least 7+ years of progressive cybersecurity experience with focus in Product and Cloud security and 3+ years within financial services.
Bachelor's degree in Computer Science or related technical field.
Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and GIAC are preferred.
AWS or Azure Cloud Security certification is highly valued.
Proven experience collaborating with engineering teams in an embedded security engagement model.
About State Street
Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability.
We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.
We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential.
As an essential partner in our shared success, you'll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most.
Join us in shaping the future.
As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.
Discover more information on jobs at StateStreet.com/careers
Read our CEO Statement
Job ID: R-
#J-*****-Ljbffr