Security Architect

Boston, MA

WHOOP

Monitor your sleep, strain, recovery, and health with the most advanced fitness and health wearable available today. WHOOP helps you discover data-driven insights for a healthier, more empowered life.


At WHOOP, we're on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives.
The Security Architect will be key in developing and implementing a robust security posture that aligns with business objectives. Reporting to the CISO, this role will provide cybersecurity expertise to internal and external stakeholders while advancing a high-value, threat-informed security strategy across the organization.
The successful candidate will promote a 'secure-by-design' approach, working with teams to deliver on best practices and maintain evolving security protections. The ideal candidate will have the right mix of skills, which include effective communication of complex security concepts to various stakeholders, a strategic mindset, deep technical expertise, and the ability to balance risk management with hands-on implementation and operational excellence.

RESPONSIBILITIES:

  • Build and evolve a strong security architecture that aligns with industry best practices (e.g., NIST, ISO 27001, CIS Controls) and business goals.
  • Conduct regular security assessments, vulnerability analyses, and threat modeling to identify and mitigate risks across the organization.
  • Design and enforce security configurations for on-premises and cloud environments (e.g., AWS, Azure, GCP), ensuring compliance with regulatory requirements.
  • Provide strategic guidance and oversight during critical security incidents, serving as a key decision-maker and escalation point for complex and potentially high-impact events.
  • Evaluate, implement, and optimize security tools and endpoint protection to enhance threat detection and response capabilities.
  • Collaborate with business units and cross-functional teams to gather security requirements, ensure the effective implementation of controls, and enhance secure architectures for established enterprise platforms and business-critical systems.
  • Recommend and help implement changes to the enterprise security ecosystem, including policies, practices, and tools, to mitigate security challenges and improve the overall security posture.
  • Partner with cross-functional teams to integrate security into operational workflows.
  • Partner with application development teams to integrate security into all stages of the Software Development Lifecycle (SDLC) by utilizing appropriate tools and methodologies, while training and coaching development teams on secure coding practices to foster a culture of security within engineering.
  • Collaborate with the CISO to develop security roadmaps aligned with business objectives and security principles.
  • Serve as a key technical advisor and advocate for enhanced security across the organization, collaborating with business units and stakeholders to ensure the effective implementation of security best practices, drive continuous improvement, and enhance the overall security posture.
  • Create, maintain, and communicate appropriate architecture diagrams and technical documentation (e.g., configuration guides, operational procedures) to support the security architecture and transition operational responsibilities of new security tools and processes to appropriate teams.
  • Support the GRC team in Third Party Security Assessments to evaluate feasibility, integrations, and ensure secure implementation of solutions.
  • Stay updated on emerging security trends, technologies, and regulations.

QUALIFICATIONS:

  • 10+ years of experience in information security, with at least 3 years in a security architecture role.
  • Proficiency in securing multi-cloud environments, identity and access management (IAM), zero-trust architectures, and security automation.
  • Expertise in developing and maintaining cybersecurity standards, mapping and tailoring controls, and overseeing security metrics to ensure alignment with security objectives and compliance requirements.
  • Proficient knowledge of security frameworks (e.g., ISO 27001, NIST Cybersecurity Framework (CSF), PCI DSS, COBIT, MITRE ATT&CK, STRIDE, NIST SP 800-53, CIS Benchmarks), compliance standards (e.g., GDPR, CPRA), and best practices.
  • Experience with security technologies, such as firewalls, WAFs, SIEM, CASB, CSPM, IPS, SWG, CNAPP, SCA, SAST, DAST, and endpoint protection tools.
  • Hands-on experience with cloud platform security (AWS, Azure, or GCP) and PaaS platforms.
  • Strong analytical and problem-solving skills, with the ability to work effectively under pressure.
  • Exceptional verbal and written communication skills to articulate complex security concepts to technical and non-technical stakeholders.
  • Preferably one or more security industry certifications, such as CISSP, CISM, GSEC, CCSK, CCSP, CEH or other relevant industry certifications.
  • Familiarity with emerging security technologies such as AI/ML-based threat detection.
  • Ability to respond to security incidents after hours.
  • Ability to work on-site from our Boston Headquarters 4 days per week.
This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office. 
Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.
WHOOP is an Equal Opportunity Employer and participates in E-Verify to determine employment eligibility. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Category: Architecture Jobs

Tags: Automation AWS Azure CASB CCSK CCSP CEH CISM CISO CISSP Cloud CNAPP COBIT Compliance CSPM DAST Firewalls GCP GDPR GSEC IAM IPS ISO 27001 MITRE ATT&CK NIST NIST 800-53 PaaS PCI DSS Risk management SAST SDLC Security assessment Security strategy SIEM Strategy Threat detection

Perks/benefits: Team events

Region: North America
Country: United States
