Principal IT Security Architect

CREATIVITY IS OUR SUPERPOWER. It’s our heritage and it’s also our future. Because we don’t just make toys. We create innovative products and experiences that inspire, entertain and develop children through play. Mattel is at its best when every member of our team feels respected, included, and heard—when everyone can show up as themselves and do their best work every day. We value and share an infinite range of ideas and voices that evolve and broaden our perspectives with a reach that extends into all our brands, partners, and suppliers.

The Team:

The Security Architecture and Engineering is a multidisciplinary team that oversees the secure design and development across Mattel’s products, services, infrastructure and backend/supporting systems. This is an expanding team that is helping to develop and implement the security vision and strategy at Mattel. You can expect a dynamic and fast-paced role where you are empowered to make decisions that impact the foundation of this team.

The Opportunity: 

Open to remote work 

Mattel is currently seeking a Principal Security Architect/Engineer in El Segundo, CA. This role is part of a multidisciplinary team that will focus on the Product and Application security. This includes Design Reviews, Threat Modeling, Security Requirements, Secure SDLC, Vulnerability Assessments, Security Scanning and Security/Penetration Testing. This position reports directly into the Director of Security Architecture & Engineering.   

What Your Impact Will Be: 

• Serve as subject matter expert in product security architecture, security testing, secure design review, and security engineering, and reporting.
• Drive projects related to product security, threat modeling, software security automation, bug bounty and the security development lifecycle.
• Foster partnerships with stakeholders and their teams to facilitate positive change.
• Work with the design and development teams to ensure that application security risks are effectively identified and remediated in a timely manner while maintaining a balance between security & usability.
• Communicate security concepts to a variety of audiences including business and technical leaders as well as senior leadership.
• Contribute to the development and execution of the application security strategy.
• Develop security architecture standards, controls and design patterns across all layers of security from host, server, mobile, and network to application and data security.
• Support compliance and regulation requirements: PCI, SOX, SOC2, NIST.
• Perform deep design reviews throughout the development lifecycle, determining security requirements and identifying security risks while driving the remediation of integration issues.
• Provide expert knowledge of SDLC/application architecture as well as methodologies for the software and model development life cycle.
• Design and implement the automation of security tools and processes.
• Perform analysis and develop metrics that measure current risk and effectively evaluate and manage threats.
• Advise on secure architecture/design, attack surface area reduction, least privileged design, threat mitigations, and security standard methodologies.
• Build, maintain, and enforce application security development policies, procedures & standards.
• Triage vulnerabilities identified by code scanning tools

What We’re Looking For: 

• Bachelor's Degree Computer Science preferred or equivalent years of experience. 
• A leader with the proven ability to manage multiple priority projects.
• 10+ years of relevant work experience.
• Experience with one or more cloud platforms (GCP, AWS, Azure)
• Proven understanding of cloud computing concepts and practices
• Automated cloud security solutions
• Ability to break down complex problems and implement custom solutions.
• Experience with identity lifecycle management and federation technologies such as SAML, OAUTH, OpenID Connect, or similar. 
• Expertise in application development and DevSecOps security technologies.
• Strong understanding in mobile application security
• Proven ability to manage relationships with other business units, stakeholders, external vendors.
• Knowledge of secure software development lifecycle and practices such as threat modelling, security reviews, penetration tests, and security incident response.
• In-depth experience of vulnerabilities, firewall management, network vulnerability analysis, software testing and security assessment, malicious code and software exploitation techniques, continuous monitoring and event logging.

What It’s Like to Work Here:

We are a purpose driven company aiming to empower the next generation to explore the wonder of childhood and reach their full potential. We live up to our purpose employing the following behaviors:

• We collaborate: Being a part of Mattel means being part of one team with shared values and common goals. Every person counts and working closely together always brings better results. Partnership is our process and our collective capabilities is our superpower.
• We innovate: At Mattel we always aim to find new and better ways to create innovative products and experiences. No matter where you work in the organization, you can always make a difference and have real impact. We welcome new ideas and value new initiatives that challenge conventional thinking.
• We execute: We are a performance driven company. We strive for excellence and are focused on pursuing best in class outcomes. We believe in accountability and ownership and know that our people are at their best when they are empowered to create and deliver results.

Who We Are:

Mattel is a leading global toy company and owner of one of the strongest catalogs of children’s and family entertainment franchises in the world. We create innovative products and experiences that inspire, entertain and develop children through play. We engage consumers through our portfolio of iconic brands, including Barbie, Hot Wheels, Fisher-Price, American Girl, Thomas & Friends, UNO and MEGA, as well as other popular intellectual properties that we own or license in partnership with global entertainment companies. Our offerings include film and television content, gaming, music and live events. We operate in 35 locations and our products are available in more than 150 countries in collaboration with the world’s leading retail and ecommerce companies. Since its founding in 1945, Mattel is proud to be a trusted partner in empowering children to explore the wonder of childhood and reach their full potential.

Visit us at https://jobs.mattel.com/ and www.instagram.com/MattelCareers.

Mattel is an Affirmative Action/Equal Opportunity Employer where we want you to bring your authentic self to work every day. We welcome all job seekers including minorities, females, veterans, individuals with disabilities, and those of all sexual orientations and gender identities.