Job Description

As a Product Security Architect at Island, you will be responsible for designing, shaping, and evolving the security architecture of the Island Enterprise Browser. This role combines deep technical expertise with strategic thinking, focusing on proactively reducing risk through secure design, architectural reviews, and close collaboration with engineering and product teams. You will play a key role in defining security standards, guiding threat modeling efforts, and ensuring security is built into the product from its earliest design stages throughout its production lifecycle and evolutions.

Key Responsibilities:

• Security Architecture & Design: Define and own product security architecture across browser components, OS integrations, and enterprise-facing features, ensuring security-by-design principles are consistently applied.
• 
  
• Threat Modeling & Risk Assessment: Lead threat modeling efforts for new features and architectural changes, identifying attack surfaces, trust boundaries, and mitigation strategies in collaboration with engineers and product leaders.
• 
  
• Security Reviews & Guidance: Perform architecture and design reviews, providing actionable security recommendations and guiding teams on secure implementation patterns.
• 
  
• Vulnerability & Attack Surface Analysis: Proactively assess systemic risks, design flaws, and high-impact vulnerability classes relevant to browsers and enterprise platforms.
• 
  
• Security Standards & Enablement: Develop and maintain security guidelines, patterns, and reference architectures; support teams in adopting secure coding and design practices.
• 
  
• Cross-Functional Collaboration: Partner closely with engineering, product, and product security leadership to balance security, usability, and performance tradeoffs.
• 
  
• Security Strategy & Innovation: Track emerging threats, exploitation techniques, and industry trends to continuously improve Island’s long-term security posture.

Requirements

• Strong background in security architecture, secure systems design, or product security engineering.
• 
  
• Deep understanding of browser security models, OS security primitives, or application-level security.
• 
  
• Experience conducting threat modeling, design reviews, and architectural risk assessments.
• 
  
• Proficiency in one or more programming languages (e.g., Python, JavaScript, C/C++, Go) with the ability to reason about implementation-level risk.
• 
  
• Solid knowledge of common vulnerability classes and systemic security failures (e.g., sandbox escapes, RCE, privilege escalation).
• 
  
• Ability to translate complex security concepts into clear guidance for engineering teams.
• 
  
• Security research or vulnerability research experience is a strong advantage.