Product Security Architect

As Product Security Domain Architect, you hold a key position in our RBA (Risk & Business Assurance) Security sector, driving the embedding of our Product Security strategy in our organization.

Role and responsibilities

ASML brings together the most creative minds in science and technology to develop lithography machines that are key to producing faster, cheaper, more energy-efficient microchips. We design, develop, integrate, market and service these advanced machines, which enable our customers - the world’s leading chipmakers - to reduce the size and increase the functionality of their microchips, which in turn leads to smaller, more powerful consumer electronics.

As the Product Security Domain Architect, you will support secure design, development and maintenance of ASML’s products by ensuring Product security capabilities are defined, implemented and monitored. You shall also verify the appropriateness (sufficiency) and performance of the controls in the Product domain across ASML.

The Product Security Domain Architect is responsible for monitoring compliance against our security frameworks and customer requirements. In this position, you have these main focus points:

• Develop a product security control framework with product security requirements and controls.

• Partners with development teams to proactively communicate product security requirements, and promoting control frameworks to ensure secure goals are met.

• Drive product security architecture by providing advice to sectors during feasibility study, reviewing technical solution designs during solutioning phase and accountability for assessment after implementation.

• Leverage information about software flaws reported by security researchers and software manufacturers to inform and shape Product Security strategy and deliverables.

• Explain technical positions/risks to business leaders, and business positions/risk to technical leaders to achieve appropriate security outcomes.

• Technical leadership over a team of architects.

You will work together with a team of ASML security professionals, product architects, and sector security architects to drive the product related security architecture and solutions. The Security Community has approx. 250 FTE across ASML. Together with the rest of the community, you protect ASML’s assets and you’re at the center of everything that’s digitally exchanged.

Education and experience

Having a strong blend of Security and product related knowledge along with capability building and managerial experience, you will be responsible for driving the embedding of our Product Security strategy. Besides product security technical knowledge, excellent communication and collaboration skills are essential for this role. You take ownership and lead initiative to results, take responsibility and act decisively whilst collaborating well with other teams, technical and non-technical peers.

Ideally, we are looking for someone who brings a strong technical background and drive security program and project execution across multiple security teams; design and engineering, manufacturing, sales and customer support in situations where authority is not a given. Someone who is open to challenges and can think outside the box, able to bridge between higher level abstraction and detailed design choices. Some key competences that come natural to you in this position:

• 10+ years of experience in architecting and solving challenging technical problems, preferably in a multinational corporate security environment in two or more of the following areas: product security (preferred) or application security, information security, digital platform security.

• Act as a trusted advisor, have strong stakeholder management skills, able to build solid relationships of trust at different levels.

• In-depth knowledge or experience in Product Security by design.

• Proven experience with product security risk assessments.

• In-depth knowledge or experience with software security controls including encryption, obfuscation, and compilation, OS security (Linux and windows), access control, and Identity management, monitoring, logging and detection systems and/or Intrusion Detection System.

• Experience in IT infrastructure, cloud system, and on-premises system and Hardware security.

• In-depth knowledge of compliance standards in security domain, such as NIST, CIS, ISO 27000, IEC67443, SEMI.

• BSc/MSc/PhD in Cyber security, Software Engineering, Computer Science, Information Technology or equivalent through certification and or training.

• Either a GICSP, CISM, CISSP, or CISA certificate is considered as a must.

Other information

If you still feel your profile is a great match with this job description, please apply and we’d like to get in touch.

This position requires access to controlled technology, as defined in the Export Administration Regulations (15 C.F.R. § 730, et seq.). Qualified candidates must be legally authorized to access such controlled technology prior to beginning work. Business demands may require ASML to proceed with candidates who are immediately eligible to access controlled technology.

EOE AA M/F/Veteran/Disability

Diversity and inclusion

ASML is an Equal Opportunity Employer that values and respects the importance of a diverse and inclusive workforce. It is the policy of the company to recruit, hire, train and promote persons in all job titles without regard to race, color, religion, sex, age, national origin, veteran status, disability, sexual orientation, or gender identity. We recognize that diversity and inclusion is a driving force in the success of our company.

Need to know more about applying for a job at ASML? Read our frequently asked questions.