Design secure systems before they're built, not after they leak.
Security Architects shape the long-arc decisions — zero trust models, segmentation strategies, crypto choices, reference architectures other teams build from. The role rewards depth in threat modelling and the patience to influence without owning the keyboard.
Tools in scope
FAANG
Long whiteboard system-design round — secure a multi-region payment platform under load.
Bank
Reference architectures, SABSA traceability, regulator-facing rationale.
// Sample question
Walk me through how you'd threat-model a new payments microservice that calls a third-party processor.
Start with a data-flow diagram (trust boundaries, auth, secrets). Run STRIDE per element, prioritise spoofing of the processor callback and tampering of webhook payloads. Recommend mTLS or signed webhooks, idempotency keys, replay-protection windows, and a kill-switch. Capture residual risk and owner.
AI-graded, role-specific, feedback on every answer. Free to start.