Principal Product Security Architect

Job Title

Principal Product Security Architect

Role Summary

Lead product security evaluation and certification activities for Arm products, coordinating external accredited laboratories and certification bodies. Serve as a senior technical owner within the Product Security team to plan, drive, and close formal security evaluations and maintain compliance with applicable standards.

Salary range: £126,200 - £170,800 per year. Relocation package and visa sponsorship support are available for eligible candidates.

Experience Level

Senior — requires 10+ years of experience in product security, security evaluation, certification, or a related field.

Responsibilities

Lead and manage formal security evaluation and certification programs and act as the primary technical interface to external evaluators.

• Act as primary technical contact with accredited third-party security laboratories evaluating Arm products.
• Lead, coordinate, and run end-to-end security evaluation and certification programs: planning, execution, documentation, and closure.
• Ensure evidence, documentation, test vectors, and artefacts required for certification are accurate, complete, and delivered on schedule.
• Review and validate laboratory findings; ensure corrective actions are implemented and retested as needed.
• Maintain up-to-date knowledge of evolving certification standards (Common Criteria, PSA Certified, SESIP, FIPS, ISO 21434, IEC 62443, EU-CRA, etc.).
• Create and maintain clear documentation for evaluation processes and certification workflows.
• Provide internal guidance and mentoring on evaluation methodologies and certification readiness.

Requirements

Must-have skills and experience required for this role.

• 10+ years of experience in product security, security evaluation, certification, or a related area.
• Strong understanding of security evaluation schemes such as Common Criteria, SESIP, PSA Certified, FIPS 140-3, ISO 21434, EU-CRA or similar frameworks.
• Proven experience collaborating with external security laboratories and navigating formal evaluation processes.
• Solid understanding of cryptographic primitives, secure key lifecycle management, and secure provisioning workflows.
• Experience with silicon/SoC security architecture, threat modelling, attacker models, and countermeasures.
• Good organisational skills for managing multi-stakeholder technical projects; strong communication, negotiation, and documentation abilities.
• Ability to work effectively with cross-functional engineering, product, and security teams.

Nice-to-have

• Experience with secure hardware components: cryptography accelerators, root-of-trust modules, secure enclaves, HSMs, or TEE/TF-M environments.
• Experience with secure firmware: secure Boot ROM, bootloaders, TFM/TFA, OP-TEE, hypervisor/microvisor environments.
• Practical knowledge of semiconductor manufacturing flows and supply chain security.
• Familiarity with side-channel analysis, fault-injection testing, and hardware penetration-testing methodologies.

Education Requirements

Not specified.

About the Company

Company: Arm

Headquarters: Cambridge, United Kingdom

ARM is a global leader in semiconductor and software design, driving innovation in computing technology. The company specializes in designing processors and systems that provide the essential building blocks for electronic devices. ARM's architecture is widely used in smartphones, servers, and IoT devices, and its collaborative culture fosters bold thinking, diversity, and high-impact benefits for its talented workforce.