Security Architect, Product

College Board - Technology - Product Security

Location: This is a fully remote role. Candidates who live near CB offices have the option of being fully remote or hybrid (Tuesday and Wednesday in office).

Type: This is a full-time position

About the Team 

College Boards' Product Security team is a close-knit group of technologists focused on building secure, cloud-native products. We partner closely with product and engineering teams to identify risks early, solve hard problems, and enable delivery through practical security architecture and DevSecOps practices. We value diverse perspectives and ensure every voice is heard.

Security Architects collaborate with product teams and key stakeholders to translate business needs into secure design decisions. They lead threat modeling and architecture reviews, help teams adopt secure development practices, and contribute to security standards and tooling decisions.

About the Opportunity  

As a Product Security Architect, you will serve as a trusted advisor to product teams building and operating multi-tenant SaaS applications that support millions of students. You’ll guide secure-by-design architecture, lead threat modeling and design reviews, and help teams make practical trade-offs across security, privacy, resilience, and delivery.

This role requires strong judgment and agency. You will be expected to make risk-based decisions within established guardrails, knowing when to escalate and when to move forward independently. You will also help shape security architecture for high-trust assessment experiences and large-scale integrations common in K–12 and higher education ecosystems.

In this role, you will:

Secure SaaS Architectures (50%)

• Serve as a trusted security advisor to engineering and product teams, offering clear guidance on secure architecture, design decisions, and remediation strategies.
• Review system and application architectures, identifying gaps, recommending enhancements, and aligning solutions with College Board’s Product Security Framework and zero-trust principles.
• Partner with product teams early in the lifecycle to conduct architectural assessments, threat modeling, and data flow review, ensuring that secure-by-design practices guide every phase of development.
• Advise on secure implementation of cloud-native services, client/mobile applications, IAM, encryption, storage, access control and data protection, and serverless design patterns.
• Provide architectural guidance that supports audit and compliance readiness by ensuring security and privacy requirements are reflected in system design, technical controls, and documented patterns.
• Support the evaluation of new technologies, third-party integrations, and design proposals to assess security impact and ensure alignment to enterprise standards, including large-scale customer integrations (SSO/identity federation and data exchange) common in K–12 and higher education ecosystems
• Partner with engineering teams to evaluate failure modes, dependency risks, and systemic weaknesses as part of architectural reviews and threat modeling.
• Embed deeply within one of more product domains, partnering early with engineering and product teams as the primary security architecture advisor.
• Lead risk-based trade-off discussions (security, privacy, usability, delivery), documenting key decisions and rationale to help teams move quickly and consistently.

Elevate Product Security (25%)

• Lead the creation and documentation of secure architectural reference patterns for recurring use cases across College Board (e.g., external API patterns, secure data ingestion).
• Collaborate with other architects to shape the long-term technical strategy for secure software and cloud architecture.
• Contribute to the continuous improvement of Product Security standards and threat modeling methodologies, ensuring consistency and scalability.
• Analyze emerging security and privacy threats, industry trends, and cloud-security advancements to proactively update architectural patterns and security guidance.
• Mentor junior security engineers and developers, providing coaching on architectural thinking, secure design, and modern application security concepts.
• Work with security partner team in maturing product-specific risk registers.

Improve Product Security Operations (25%)

• Partner with engineering, DevSecOps, and cloud platform teams to create secure design patterns in CI/CD, infrastructure-as-code, and runtime environments. <