Security Architect

At WHOOP, we’re on a mission to unlock human performance and extend healthspan. Our wearable technology provides personalized insights that help millions of members better understand their bodies, and make smarter decisions about training, recovery, and lifestyle.
As we expand our platform, deepen our use of data, and scale globally, we’re hiring a Security Architect to design and implement secure, scalable systems that keep our members safe and our business resilient. This is a hands-on role reporting to the CISO, partnering with Engineering, IT, Product Security, and others to embed security into the fabric of how WHOOP builds.
We’re looking for a technically strong, delivery-oriented architect who can operate across cloud, application, and enterprise environments and who thrives in a fast-moving, mission-driven company.
You’ll join a growing, execution-oriented security team with influence across the business. You’ll help shape secure foundations for a global platform, driving technical excellence and clarity in every decision. We operate with urgency, ownership, and high standards, and expect the same from every team member.

RESPONSIBILITIES:

• Design and document secure, scalable architectures across cloud, application, endpoint, and SaaS environments to support growth and innovation
• Lead the implementation and continuous improvement of security capabilities across areas such as threat detection, identity and access management, data protection, and vulnerability management
• Drive secure deployment practices through automation, documentation, and process standardization
• Lead security architecture and control design for WHOOP AI initiatives, including the secure use of third-party AI APIs, protection of sensitive data in AI-powered product features, governance of in-house models and MCP infrastructure, and responsible use of AI capabilities across internal and SaaS platforms
• Partner with Engineering, Product Security, and IT to review new systems and features, advise on tradeoffs, and deliver secure-by-default outcomes
• Serve as a trusted technical leader and mentor across the security and engineering organization
• Drive the architecture and evolution of vulnerability management capabilities, ensuring integration with development pipelines, infrastructure, and program-level visibility
• Align architectural decisions with applicable regulatory requirements and security standards, including GDPR, SOC 2, ISO 27001, PCI, NIST, laws governing health and biometric data, and emerging AI risk and governance frameworks
• Help integrate frameworks like NIST into secure development and operational practices
• Define technical success criteria and partner on security metrics and dashboards that drive accountability and visibility across the organization

QUALIFICATIONS:

• 7–10 years of experience in security architecture, security engineering, or technical security leadership roles supporting complex, distributed systems
• Certifications such as AWS Security Specialty, CCSK,OSCP, or CISSP are strongly valued, but not required.
• Demonstrated expertise in cloud security, particularly in AWS environments and modern cloud-native architectures
• Ability to operate across technical depths, from threat modeling and system design to secure implementation guidance and risk tradeoff discussions
• Proven success collaborating with Engineering, Product, and Infrastructure teams to drive secure outcomes in fast-paced, product-led environments
• Direct experience with AI/ML security and governance, including secure implementation of third-party AI services, protection of sensitive data across internal models and AI-powered features, and support for policy development, auditability, and control across enterprise and SaaS AI tools, including MCP infrastructure, model access, and responsible use
• Experience aligning security programs and architecture with industry frameworks and compliance obligations such as GDPR, SOC 2, ISO 27001, PCI, and NIST
• Strong written and verbal communication skills, with a focus on documentation, stakeholder alignment, and clarity under pressure and the emotional intelligence to collaborate without ego
• High degree of ownership, autonomy, and a proactive, solution-oriented mindset
• Passion for mentorship, process maturity, operational rigor, and helping security functions scale through automation and shared accountability

This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office. 
Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.
WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility.  It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.