Product Security Architect

Island Island · Enterprise · Tel Aviv, Israel · Product Management

The Product Security Architect will design, shape, and evolve the security architecture of the Island Enterprise Browser. This role involves defining security standards, leading threat modeling, conducting architectural reviews, and ensuring security is built into the product lifecycle. Responsibilities include designing security architecture, leading threat modeling and risk assessment, performing security reviews, analyzing vulnerabilities, developing security standards, collaborating cross-functionally, and tracking emerging threats.

What you'd actually do

  1. Define and own product security architecture across browser components, OS integrations, and enterprise-facing features, ensuring security-by-design principles are consistently applied.
  2. Lead threat modeling efforts for new features and architectural changes, identifying attack surfaces, trust boundaries, and mitigation strategies in collaboration with engineers and product leaders.
  3. Perform architecture and design reviews, providing actionable security recommendations and guiding teams on secure implementation patterns.
  4. Proactively assess systemic risks, design flaws, and high-impact vulnerability classes relevant to browsers and enterprise platforms.
  5. Develop and maintain security guidelines, patterns, and reference architectures; support teams in adopting secure coding and design practices.

Skills

Required

  • Strong background in security architecture, secure systems design, or product security engineering.
  • Deep understanding of browser security models, OS security primitives, or application-level security.
  • Experience conducting threat modeling, design reviews, and architectural risk assessments.
  • Proficiency in one or more programming languages (e.g., Python, JavaScript, C/C++, Go) with the ability to reason about implementation-level risk.
  • Solid knowledge of common vulnerability classes and systemic security failures (e.g., sandbox escapes, RCE, privilege escalation).
  • Ability to translate complex security concepts into clear guidance for engineering teams.

Nice to have

  • Security research or vulnerability research experience

What the JD emphasized

  • security architecture
  • secure design
  • threat modeling
  • architectural risk assessments
  • security research
  • vulnerability research