Security Architect, Product

About The Team

College Board's Product Security team is a close-knit group of technologists focused on building secure, cloud-native products. We partner closely with product and engineering teams to identify risks early, solve hard problems, and enable delivery through practical security architecture and DevSecOps practices. We value diverse perspectives and ensure every voice is heard.

Security Architects collaborate with product teams and key stakeholders to translate business needs into secure design decisions. They lead threat modeling and architecture reviews, help teams adopt secure development practices, and contribute to security standards and tooling decisions.

About The Opportunity

As a Security Architect, Product, you will serve as a trusted advisor to product teams building and operating multi-tenant SaaS applications that support millions of students. You’ll guide secure-by-design architecture, lead threat modeling and design reviews, and help teams make practical trade-offs across security, privacy, resilience, and delivery.

This role requires strong judgment and agency. You will be expected to make risk-based decisions within established guardrails, knowing when to escalate and when to move forward independently. You will also help shape security architecture for high-trust assessment experiences and large-scale integrations common in K–12 and higher education ecosystems.

In This Role, You Will

Secure SaaS Architectures (50%)

• Serve as a trusted security advisor to engineering and product teams, offering clear guidance on secure architecture, design decisions, and remediation strategies.
• Review system and application architectures, identifying gaps, recommending enhancements, and aligning solutions with College Board’s Product Security Framework and zero-trust principles.
• Partner with product teams early in the lifecycle to conduct architectural assessments, threat modeling, and data flow review, ensuring that secure-by-design practices guide every phase of development.
• Advise on secure implementation of cloud-native services, client/mobile applications, IAM, encryption, storage, access control and data protection, and serverless design patterns.
• Provide architectural guidance that supports audit and compliance readiness by ensuring security and privacy requirements are reflected in system design, technical controls, and documented patterns.
• Support the evaluation of new technologies, third-party integrations, and design proposals to assess security impact and ensure alignment to enterprise standards, including large-scale customer integrations (SSO/identity federation and data exchange) common in K–12 and higher education ecosystems.
• Partner with engineering teams to evaluate failure modes, dependency risks, and systemic weaknesses as part of architectural reviews and threat modeling.
• Embed deeply within one of more product domains, partnering early with engineering and product teams as the primary security architecture advisor.
• Lead risk-based trade-off discussions (security, privacy, usability, delivery), documenting key decisions and rationale to help teams move quickly and consistently.

Elevate Product Security (25%)

• Lead the creation and documentation of secure architectural reference patterns for recurring use cases across College Board (e.g., external API patterns, secure data ingestion).
• Collaborate with other architects to shape the long-term technical strategy for secure software and cloud architecture.
• Contribute to the continuous improvement of Product Security standards and threat modeling methodologies, ensuring consistency and scalability.
• Analyze emerging security and privacy threats, industry trends, and cloud-security advancements to proactively update architectural patterns and security guidance.
• Mentor junior security engineers and developers, providing coaching on architectural thinking, secure design, and modern application security concepts.
• Work with security partner team in maturing product-specific risk registers.

Improve Product Security Operations (25%)

• Partner with engineering, DevSecOps, and cloud platform teams to create secure design patterns in CI/CD, infrastructure-as-code, and runtime environments.
• Support the design of security and platform guardrails that improve system resilience at scale, including secure defaults, automated rollback, isolation controls, and observable failure detection.
• Support governance workflows as stakeholders in broader multi-team processes.
• Contribute to development of metrics, KPIs, and maturity indicators to measure architectural security posture and influence roadmap planning.
• Assist in implementing automated guardrails and tooling that enforce architectural best practices at scale.
• Participate in evaluating and improving new and existing security policies and standards, tools, and controls across the organization to enhance the overall security posture.

About you, you have

• Meaningful experience in security architecture, application security, or cloud security, with ownership of architectural decisions and trade-offs.
• Strong understanding of security risks in modern multi-tenant SaaS architectures (APIs, microservices/event-driven patterns, identity, data protection).
• Experience leading threat modeling, architecture reviews, and risk assessments, translating findings into clear, actionable guidance for technical and non-technical audiences.
• Cloud security depth (AWS preferred; comparable depth in Azure or GCP is valued).
• Experience securing third-party and customer integrations at scale (e.g., SSO/identity federation and data exchange).
• Experience in K–12 or higher education ecosystems (e.g., SIS/classroom platforms) is a strong advantage.
• A pragmatic, risk-based approach and comfort operating with ambiguity, able to exercise agency and make decisions within guardrails.
• AI-native behavior: you actively use AI today (work or personal) and can articulate where it helps, where it introduces risk, and the guardrails you apply.
• Strong collaboration and influence skills; able to challenge ideas respectfully, mentor others, and partner effectively across engineering, product, privacy, and compliance.

All Roles At College Board Require

• A passion for expanding educational and career opportunities and mission-driven work.
• Curiosity and enthusiasm for emerging technologies, with a willingness to experiment with and adopt new AI-driven solutions and comfort with learning and applying new digital tools independently and proactively.
• Clear and concise communication skills, written and verbal.
• A learner's mindset and a commitment to growth: welcoming diverse perspectives, giving and receiving timely, respectful feedback, and continuously improving through iterative learning and user input.
• A drive for impact and excellence: solving complex problems, making data-informed decisions, prioritizing what matters most, and continuously improving through learning, user input, and external benchmarking.
• A collaborative and empathetic approach: working across differences, fostering trust, and contributing to a culture of shared success.
• Authorization to work in the United States.

What We Offer

At College Board, we offer more than a paycheck- we provide a meaningful career, a supportive team, and a comprehensive package designed to help you thrive. We’re a self-sustaining nonprofit that believes in fair and competitive compensation grounded in your qualifications, experience, impact, and the market.

A Thoughtful Approach To Compensation

The hiring range for this role is $156,000–$172,000. Your exact salary will depend on your location, experience, and how your background compares to others in similar roles at the College Board. We aim to make our best offer upfront, rooted in fairness, transparency, and market data. We adjust salaries by location to ensure fairness, no matter where you live.

You’ll have open, transparent conversations about compensation, benefits, and what it’s like to work at College Board throughout your hiring process. Check out our careers page for more.

Key skills/competency

• Security Architecture
• Threat Modeling
• Cloud Security AWS
• SaaS Security
• DevSecOps
• Application Security
• Identity and Access Management IAM
• Data Protection
• Zero-Trust Principles
• Risk Assessment