Security Architecture Lead

• Provide architectural oversight across product, platform, and internal systems, ensuring scalable, secure patterns that support WHOOP’s long-term growth
• Advise InfoSec and IT on secure, scalable approaches for SIEM/logging pipelines, identity integrations, privileged access, SaaS integrations, and foundational security tooling
• Define the target-state architecture for vulnerability management across product, cloud, and internal systems, transitioning from spreadsheets to integrated, automated workflows
• Serve as the technical evaluator for high-risk vendors and integrations, validating architecture, controls, and data flows as part of the TPRA process
• Map WHOOP’s architecture to frameworks required for future regulated or government-oriented verticals (i.e., NIST 800-53, AI governance standards, healthcare/biometric requirements) and help shape the roadmap toward readiness
• Contribute to the design of scalable, secure patterns for AI usage across WHOOP, including MCP governance, LLM API integrations, and AI-enabled product features
• Partner with Product Security and Engineering to provide secure design input for identity flows, API/WAF strategy, backend services, data paths, and new product features
• Review threat models and design documents with Product Security and Engineering, identifying assumptions, systemic risks, and missing mitigations
• Integrate security into engineering workflows through practical, reusable patterns and clear expectations
• Produce clear, actionable architectural guidance and documentation used across engineering, product, and security
• Act as a trusted advisor and mentor, raising the organization’s architectural maturity and security judgment

• 7–10+ years in security architecture, product security, or senior security engineering roles supporting modern distributed systems
• Strong understanding of secure system design, identity and access patterns, API and application security, and cloud-native architecture (AWS preferred)
• Experience reviewing and guiding threat models in real engineering environments
• Interest or experience in securing AI/LLM integrations or developing standards for responsible AI usage
• Ability to influence and collaborate effectively across engineering, product, IT, and security
• Familiarity with SOC 2, ISO 27001, GDPR, PCI, HIPAA-aligned security requirements, and NIST 800-53 or similar high-assurance control frameworks
• Ability to translate regulatory and high-assurance control expectations into practical engineering patterns
• Exceptional written and verbal communication, including design feedback and technical documentation
• High integrity, sound judgment, and a pragmatic, solution-oriented mindset

Interest or experience in securing AI/LLM integrations or developing standards for responsible AI usage

• competitive base salaries
• meaningful equity
• benefits
• generous equity package