Infoblox · 2 days ago
Principal Architect, Product Security
Infoblox is a leading provider of cloud-first networking and security solutions, seeking a Principal Architect for their Product Security team. This role involves ensuring the security and compliance of products and systems, collaborating with cross-functional teams to identify security gaps and implement robust security controls.
Responsibilities
Serve as the technical security architecture authority, partnering with product architects, principal engineers, cloud partners (AWS, Azure, GCP, OCI), and business leaders to embed secure-by-design principles into hardware appliances, multi-tenant SaaS platforms, and globally distributed cloud infrastructure
Architect end-to-end security controls and trust boundaries across hybrid infrastructure—firmware and appliance platforms (TPM, secure boot, supply chain), Kubernetes-based microservices, APIs, control-plane services, and multi-cloud SaaS environments with high availability and resilience
Lead the creation and enforcement of security reference architectures and reusable design patterns, covering Zero Trust, confidential computing, data protection, SBOM/SLSA-based supply chain integrity, workload identity, runtime security (eBPF), and API authn/authz protections
Drive and institutionalize architectural threat modeling (STRIDE, PASTA, attack trees, misuse cases) at the feature, platform, and system levels—directly shaping secure designs before code is written
Architect secure implementations of DNS, DHCP, IPAM (DDI) and high-scale network-centric services, ensuring resilience to poisoning, tunneling, spoofing, DDoS, query amplification, misconfiguration, and protocol misuse
Define and integrate security control points throughout CI/CD and platform engineering workflows, using Policy-as-Code, IaC scanning, security validation hooks, attestation requirements, and automated enforcement at deployment gates
Design, build, and scale security automation and orchestration capabilities using Python/Go, serverless, event-driven frameworks, OPA/Kyverno, and CI/CD integrations to reduce manual toil and accelerate secure delivery
Advise and influence engineering and architecture teams through design reviews, secure coding workshops, and architecture governance, shaping long-term technical roadmaps and product direction
Drive adoption of CNAPP, CWPP, WAF, service mesh security, API gateways, SIEM/SOAR, and cloud-native telemetry for protective monitoring, runtime defense, and incident-ready detection
Translate regulatory and compliance requirements (FedRAMP, SOC2, ISO 27001, NIST SP 800-53, CSA CCM, SOX) into actionable, measurable, and auditable technical security control objectives—shifting from audit-driven to architecture-driven alignment
Act as a security culture amplifier, mentoring architects and senior engineers, building a broader security-minded engineering community, and elevating the technical bar across the organization
Qualifications
Required
15+ years of Security Engineering and Architecture experience, including principal- or architect-level leadership designing secure SaaS, appliance-based, or cloud-native platforms at global scale
Proven ability to architect secure multi-cloud (AWS, GCP, Azure, OCI) platforms, including identity federation, VPC/network isolation, workload identity, secrets lifecycle, and secure control-plane design
Deep expertise in securing: container and Kubernetes ecosystems (EKS, GKE, AKS, Istio, Envoy, Pod Security, eBPF, runtime protection); Infrastructure-as-Code and platform engineering workflows (Terraform, Helm, CloudFormation, Kustomize, Pulumi); and protocol-heavy systems (DNS, DHCP, IPAM / DDI architecture, control-plane security, service segmentation, and abuse prevention)
Advanced knowledge of secure architecture patterns, including Zero Trust, secure edge computing, secure boot, TPM, firmware integrity, remote attestation, confidential computing, and supply chain integrity (SBOM, SLSA, SCVS)
Strong track record of architecting and implementing security automation, with fluency in Python, Go, Rust, or Shell to build scalable tools, runtime validation frameworks, and detection/response integrations
Demonstrated experience translating compliance frameworks (FedRAMP High, SOC2, NIST 800-53, ISO 27001, SOX, CSA CCM) into engineering-enforceable technical control architectures
Hands-on experience conducting and leading: threat modeling (STRIDE, PASTA, attack trees, misuse cases); secure code reviews (Python, Go, Rust, C/C++, Lua, Shell); and API and microservice security reviews (OAuth2/OIDC, mTLS, JWT, ABAC/RBAC)
Experience defining and leading security capability roadmaps, influencing long-term strategy for platform hardening, secure edge architecture, supply chain resilience, and incident-driven control improvements
Strong communication and influence skills—capable of evangelizing secure architecture to VP-level business leaders, product strategists, and engineering leaders
Preferred
Relevant certifications desirable (AWS Security Specialty, CISSP-ISSAP, GIAC-GDSA/GCSA, CCSP, OSCP), but hands-on architectural experience outweighs certifications
Benefits
Comprehensive health coverage, generous PTO, and flexible work options
Learning opportunities, career-mobility programs, and leadership workshops
Sixteen paid volunteer hours each year, global employee resource groups, and a “No Jerks” policy that keeps collaboration healthy
Modern offices with EV charging, healthy snacks (and the occasional cupcake), plus hackathons, game nights, and culture celebrations
Charitable Giving Program supported by Company Match
Company
Infoblox
Infoblox develops network identity solutions enabling businesses to automate network control functions to reduce costs and boost security.
H1B Sponsorship
Infoblox has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (32)
2024 (21)
2023 (10)
2022 (37)
2021 (10)
2020 (25)
Funding
Current Stage: Public Company
Total Funding: $53M
Key Investors: Warburg Pincus, Tenaya Capital
2020-09-08: Private Equity
2016-09-19: Acquired
2012-04-20: IPO
Company data provided by crunchbase