Product Security Engineer / Architect – Email Security
Top focus
Who we are looking for We are seeking a Product Security Engineer / Architect – Email Security reporting into the Defensive Engineering leadership team within Global Cyber Security (GCS). You will lead the strategy, architecture, and engineering of enterprise email security capabilities, protecting the organization against phishing, business email compromise (BEC), account takeover, malware, and emerging threats.
Why this role is important to us The team you will be joining is part of Defensive Engineering within Global Cyber Security, a function that is critical to the company's cybersecurity strategy. Email remains one of the primary attack vectors used by threat actors to target organizations.
This role will help drive the technologies, controls, and security capabilities needed to protect the firm's communication channels and reduce cyber risk. What you will be responsible for As a Product Security Engineer / Architect – Email Security , you will: Define and drive the enterprise email security strategy, architecture, and roadmap.
Lead the evaluation, implementation, and continuous improvement of email security technologies and controls. Partner with the GTS Email Platform team , which owns and operates the enterprise email infrastructure, to design and deploy security capabilities across the email ecosystem.
Collaborate with the Cyber Defense Center (CDC) to enhance detection, investigation, and response capabilities for phishing, business email compromise (BEC), account takeover, and other email-borne threats. Work with Threat Intelligence, Identity Security, and Incident Response teams to identify emerging threats and improve defensive controls.
Lead product evaluations, proof-of-concepts, and vendor assessments for email security technologies. Drive integration of email security solutions with security monitoring, analytics, and response platforms. Develop security standards, architectural patterns, and implementation guidance for email security controls.
Track and report key metrics related to email threat protection, phishing resilience, and risk reduction. Serve as a subject matter expert for enterprise email security initiatives. What we value These skills will help you succeed in this role: Experience with enterprise email security technologies such as Microsoft Defender for Office 365, Proofpoint, Abnormal Security, Mimecast, Cisco Secure Email, or similar platforms .
Strong understanding of phishing, business email compromise (BEC), account takeover, malware, social engineering, and email-based threats. Knowledge of email security technologies including SPF, DKIM, DMARC, SMTP security, and email authentication frameworks .
Experience designing and implementing enterprise-scale email security controls and architectures. Experience integrating email security platforms with SIEM, SOAR, identity, endpoint, and threat intelligence solutions. Strong analytical, problem-solving, automation, and scripting skills.
Excellent communication and stakeholder management skills. Education & Preferred Qualifications Bachelor's degree in Computer Science, Information Security, Engineering, or a related field, or equivalent practical experience. 8+ years of experience in cybersecurity, security engineering, or security architecture. 5+ years of hands-on experience with email security technologies and threat protection solutions.
Experience working in financial services or other regulated industries preferred. Relevant certifications such as CISSP, CCSP, GIAC, or Microsoft Security certifications preferred. Additional Requirements Experience developing security strategies, roadmaps, and architecture standards.
Familiarity with emerging AI-driven phishing, impersonation, and social engineering threats. Strong collaboration skills and ability to work across Cyber Security, GTS, and Engineering organizations. Ability to translate security risks into actionable technical solutions.
Work Requirement Hybrid work model in accordance with company policy. Ability to collaborate effectively with global teams across multiple time zones. Standard business hours with flexibility to support critical security incidents and initiatives when required.
Salary Range: $120,000 - $202,500 Annual The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ. Employees are eligible to participate in State Street’s comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.
For a full overview, visit https://hrportal.ehr.com/statestreet/Home . About State Street Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.
We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you’ll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most.
Join us in shaping the future. As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.
Discover more information on jobs at StateStreet.com/careers Read our CEO Statement Job Application Disclosure: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment.
An employer who violates this law shall be subject to criminal penalties and civil liability.