At WHOOP, we’re on a mission to unlock human performance and healthspan. Our wearable technology provides personalized insights that help millions of members better understand their bodies, and make smarter decisions about training, recovery, and lifestyle.
WHOOP is seeking a Security Architecture Lead to help shape secure, scalable design across our product, platform, AI, and internal systems. This strategic role partners closely with Product Security, Engineering, IT, and InfoSec to influence technical decisions, review designs, validate threat models, integrate security into the SDLC, and guide secure adoption of new technologies and vendors.
The successful candidate will elevate secure-by-design practices across WHOOP, bringing the clarity, technical depth, and strategic insight needed to guide engineering and security teams through complex architectural decisions. They will translate sophisticated security concepts into actionable guidance, influence stakeholders at all levels, and help the organization balance innovation with long-term resilience.
RESPONSIBILITIES:
- Provide architectural oversight across product, platform, and internal systems, ensuring scalable, secure patterns that support WHOOP’s long-term growth.
- Advise InfoSec and IT on secure, scalable approaches for SIEM/logging pipelines, identity integrations, privileged access, SaaS integrations, and foundational security tooling.
- Define the target-state architecture for vulnerability management across product, cloud, and internal systems, transitioning from spreadsheets to integrated, automated workflows.
- Serve as the technical evaluator for high-risk vendors and integrations, validating architecture, controls, and data flows as part of the TPRA process.
- Map WHOOP’s architecture to frameworks required for future regulated or government-oriented verticals (i.e., NIST 800-53, AI governance standards, healthcare/biometric requirements) and help shape the roadmap toward readiness.
- Contribute to the design of scalable, secure patterns for AI usage across WHOOP, including MCP governance, LLM API integrations, and AI-enabled product features - with support from the security and engineering teams as you grow into this evolving space.
- Partner with Product Security and Engineering to provide secure design input for identity flows, API/WAF strategy, backend services, data paths, and new product features.
- Review threat models and design documents with Product Security and Engineering, identifying assumptions, systemic risks, and missing mitigations.
- Integrate security into engineering workflows through practical, reusable patterns and clear expectations.
- Produce clear, actionable architectural guidance and documentation used across engineering, product, and security.
- Act as a trusted advisor and mentor, raising the organization’s architectural maturity and security judgment.

QUALIFICATIONS:
- 7–10+ years in security architecture, product security, or senior security engineering roles supporting modern distributed systems.
- Strong understanding of secure system design, identity and access patterns, API and application security, and cloud-native architecture (AWS preferred).
- Experience reviewing and guiding threat models in real engineering environments.
- Interest or experience in securing AI/LLM integrations or developing standards for responsible AI usage; we will support growth in this area.
- Ability to influence and collaborate effectively across engineering, product, IT, and security.
- Familiarity with SOC 2, ISO 27001, GDPR, PCI, HIPAA-aligned security requirements, and NIST 800-53 or similar high-assurance control frameworks.
- Ability to translate regulatory and high-assurance control expectations into practical engineering patterns.
- Exceptional written and verbal communication, including design feedback and technical documentation.
- High integrity, sound judgment, and a pragmatic, solution-oriented mindset.

Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.
WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
The WHOOP compensation philosophy is designed to attract, motivate, and retain exceptional talent by offering competitive base salaries, meaningful equity, and consistent pay practices that reflect our mission and core values.
At WHOOP, we view total compensation as the combination of base salary, equity, and benefits, with equity serving as a key differentiator that aligns our employees with the long-term success of the company and allows every member of our corporate team to own part of WHOOP and share in the company’s long-term growth and success.
The U.S. base salary range for this full-time position is $185,000 - $200,000. Salary ranges are determined by role, level, and location. Within each range, individual pay is based on factors such as job-related skills, experience, performance, and relevant education or training.
In addition to the base salary, the successful candidate will also receive benefits and a generous equity package.
These ranges may be modified in the future to reflect evolving market conditions and organizational needs. While most offers will typically fall toward the starting point of the range, total compensation will depend on the candidate’s specific qualifications, expertise, and alignment with the role’s requirements.