Security Architect, VN

Summary of Role

V-Key is one of the world’s leading deep-tech companies in mobile cyber-security. Our patented technology V-OS has been deployed by top banks, mobile payment providers, and governments to secure software solutions and protect more than 500 million users globally.

We are rapidly expanding into new markets and new customer segments. Apart from securing digital transactions for everyone, we are also enabling new generation technology by providing the cyber-security infrastructure for banking, government and smart homes, among many others.

At V-Key, we are building towards a future where technology users can enjoy unprecedented security and convenience.

We are looking for a Security Architect, as part of the Architecture Team.

Duties and Responsibilities

Security Architecture & Strategy

• Contribute to the definition and implementation of application and mobile security architecture, standards, and best practices.
• Develop and maintain reusable security patterns, reference architectures, frameworks, and design guidelines across application and mobile platforms.
• Ensure security designs align with enterprise architecture principles, cloud strategy, technology roadmaps, and post‑go‑live operational requirements.
• Conduct architecture reviews, risk assessments, and threat modelling to support secure solution design.
• Identify design‑level security risks and propose practical, risk‑based mitigation recommendations
• Translate regulatory and internal policy requirements into actionable security architecture controls under guidance from senior stakeholders.
• Support regulatory reviews, audits, and technology risk assessments by providing clear architectural documentation and evidence.
• Contribute to the continuous improvement of application and mobile security maturity, tools, and practices.

Mobile Application & SDK Security

• Define security architecture for mobile applications (iOS / Android) and embedded mobile SDKs.
• Establish standards for secure mobile development, including:
• Secure authentication and authorization
• Secure API consumption and backend integration
• Secure local storage (Keychain / Keystore)
• Runtime protections (anti‑tamper, jailbreak/root detection)
• Address mobile‑specific threat vectors such as reverse engineering, SDK abuse, credential theft, and runtime manipulation.
• Align mobile security architecture with OWASP MASVS / MSTG and organizational security policies.

Cryptography & Post‑Quantum Readiness (PQC)

• Define and govern cryptographic architecture, including encryption, key management, PKI, and secure communications.
• Lead crypto‑agility and PQC readiness initiatives, including:
• Cryptographic inventory and risk assessment (“harvest‑now, decrypt‑later”)
• Design of hybrid cryptographic approaches (classical + PQC‑resistant)
• Alignment with NIST PQC standards and industry guidance
• Ensure cryptographic controls are consistently applied across applications, mobile SDKs, APIs, and cloud services.

Cloud, API & DevSecOps Security

• Provide security architecture guidance for cloud‑native, containerized, and API‑driven architectures.
• Support secure development, deployment, and integration across platforms and environments
• Embed security controls into DevSecOps practices and CI/CD pipelines, including mobile build pipelines.

Requirements

• Bachelor’s degree in Computer Science, Information Systems, Engineering, or a related discipline.
• 4–7 years of experience in application security, mobile security, cloud security, or security engineering.
• Practical experience contributing to security architecture or design reviews.
• Strong understanding of application and mobile security principles, including iOS / Android and mobile SDK security.
• Familiarity with mobile threats such as reverse engineering, tampering, SDK abuse, and credential theft.
• Working knowledge of OWASP Top 10 and OWASP MASVS / MSTG.
• Solid understanding of cryptographic fundamentals (TLS, encryption, key management, PKI) and exposure to crypto‑agility and Post‑Quantum Cryptography (PQC) concepts.
• Experience securing cloud platforms (AWS and/or Azure), including IAM, data protection, and secure networking.
• Familiarity with API security, cloud‑native architectures, and DevSecOps / CI/CD security practices.
• Experience participating in threat modelling (e.g. STRIDE, MITRE ATT&CK) and design‑level risk assessments.
• Awareness of regulatory and internal security policy requirements and experience supporting audits or risk assessments.
• Strong communication and collaboration skills, with the ability to work effectively across engineering, platform, risk, and compliance teams.
• Relevant certifications (e.g. Security+, cloud associate, or progress toward CISSP / CCSP / CISM) are a plus.