Overview:
SOFTSWISS continues to expand the team and is looking for a Product Security Architect to help design and scale secure architecture for our fintech platform. This role combines strategic ownership of product security with hands-on involvement in the secure development lifecycle. You’ll work closely with engineering, product, and compliance teams to ensure security is embedded into our platform from design to release.
About Product:
FinteqHub
A PCI DSS certified payment gateway for online businesses, providing integration with payment systems via a single software platform.
Key responsibilities:
- Design and evolve the security architecture for a modern fintech platform
- Act as a security partner in product and infrastructure design reviews
- Drive secure design consultations by partnering with product architects and developers on new feature development, architecture reviews, and major refactors
- Lead threat modelling, define secure-by-default design patterns
- Oversee the remediation lifecycle of application vulnerabilities from different sources (SAST, DAST, SCA, penetration testing, etc.) – collaborate with the triage team, track fix implementation, and ensure resolution meets SLAs and compliance expectations
- Contribute to internal secure coding awareness initiatives
- Support audits and compliance processes (e.g. PCI DSS, DORA, GDPR)
Requirements:
- 5+ years of experience in Application Security, Product Security, or Security Architecture roles
- Strong knowledge of modern application architectures (e.g., microservices, containerised deployments, cloud-native apps)
- Experience participating in or leading security design reviews for products and infrastructure
- Hands-on experience with secure SDLC, threat modelling, and design of secure-by-default systems
- Proven experience working with SAST, DAST, SCA tools and managing the full vulnerability lifecycle
- Familiarity with secure coding practices and the ability to influence engineering teams
- Strong understanding of at least one major cloud provider (GCP, AWS or Azure)
- Experience supporting security audits and compliance efforts (e.g. PCI DSS, DORA, ISO 27001)
- Excellent communication skills and ability to partner with cross-functional teams (engineering, product, compliance)
- Intermediate or higher English and Russian (B1+)
Nice to have:
- Knowledge of CI/CD pipelines and how to embed security controls
- Programming skills in Golang, Python
- Experience with containers and Kubernetes security
- Background in fintech, banking, or other regulated environments
- Relevant certifications (e.g. CSSLP, OSWE, CISSP, AWS Certified Security – Speciality, Google Professional Cloud Security Engineer)
- Proficiency in PostgreSQL security mechanisms (encryption, auditing, access control)
Learn more about our hiring process here – what to expect, how to prepare, and what makes SOFTSWISS different.