Cybersecurity Architect

POSITION SUMMARY
The Cybersecurity Architect will be responsible for evaluating our current architecture,
defining a future roadmap, and establishing a robust reference security architecture. This role requires an individual who can integrate security best practices into all layers of our
technology stack while collaborating with multiple teams to ensure alignment. You will work across various disciplines such as static and dynamic code analysis, container security,
malware detection, and more.

KEY RESPONSIBILITIES
Security Architecture Development:
Conduct a thorough assessment of the existing security architecture across application
development, infrastructure, and DevOps.
Define and document a scalable reference architecture to serve as a north star for all
security efforts.
Develop and manage the implementation of a long-term security roadmap that aligns with
organizational goals and compliance requirements.
Application Security:
Implement and oversee static and dynamic code analysis tools to identify vulnerabilities
in the development lifecycle (e.g., SAST, DAST, IAST).
Work closely with development teams to ensure security is integrated into every stage of
the software development life cycle (SDLC).
Conduct threat modeling and risk assessments of applications.
DevSecOps and Infrastructure Security:
Champion security in the CI/CD pipelines by implementing best practices and automation
tools for secure code deployment.
Ensure container security best practices are followed, including vulnerability
management for Docker, Kubernetes, and other container environments.
Collaborate with the infrastructure team to secure both on-prem and cloud environments,
focusing on identity and access management (IAM), network security, and firewalls.
Risk Management and Malware Protection:
Establish proactive security monitoring, incident detection, and response capabilities for
potential threats, including malware detection.
Lead efforts in vulnerability management, penetration testing, and security audits.
Define and implement policies for handling security incidents, including malware and
other advanced persistent threats (APTs).
Governance, Compliance, and Auditing:
Ensure compliance with industry standards and regulatory frameworks such as GDPR,
HIPAA, SOC 2, etc.
Develop and enforce security governance policies that ensure continuous compliance with
internal and external audits.
Team Collaboration and Leadership:
Serve as a security advisor to development, infrastructure, and DevOps teams, providing
guidance on secure architecture patterns.
Lead cross-functional teams to deliver security initiatives on time and within scope.
Conduct regular training sessions to enhance the security awareness of technical and nontechnical staff.
Celebrating 10 Glorious Years!

REQUIRED SKILLS
12+ years of experience in IT and 5+ years of experience in cybersecurity roles with a focus on architecture and security leadership.
Strong expertise in static and dynamic code analysis (SAST, DAST, IAST) and related tools (e.g., SonarQube, Fortify, Veracode).
Proven experience implementing DevSecOps practices in a CI/CD environment.
Deep knowledge of container security (Docker, Kubernetes) and cloud security across platforms like AWS, Azure, or Google Cloud.
Experience with malware protection and endpoint security solutions.
Hands-on experience with infrastructure security (IAM, network segmentation, firewalls, IDS/IPS, VPNs, etc.).
Thorough understanding of security frameworks (NIST, ISO 27001) and regulatory standards (GDPR, HIPAA, SOC 2).
Experience with vulnerability management, risk assessment, penetration testing, and incident response.
Familiarity with encryption standards, key management, and data protection techniques.
Excellent leadership, communication, and project management skills, with experience leading security initiatives across multi-disciplinary teams.

PREFERRED SKILLS
Industry certifications such as CISSP, CISM, CEH, AWS Certified Security Specialty, GIAC, or equivalent.
Experience with security automation and orchestration tools.
Familiarity with Zero Trust Architecture and advanced security models.