Security Architect (5-8 yrs)

Security Architect

About the Role :

The Security Architect plays a pivotal role in safeguarding the organization's critical assets by establishing and maintaining a robust security posture. This position demands a deep understanding of security principles, industry best practices, and emerging threats. The Security Architect will be responsible for leading the design, implementation, and ongoing management of security solutions that effectively mitigate risks and ensure the confidentiality, integrity, and availability of organizational data.

Key Responsibilities :

Security Architecture Leadership :

- Design, implement, and maintain a comprehensive security architecture aligned with industry standards and regulatory requirements (e.g., ISO 27001, NIST Cybersecurity Framework).

- Evaluate and select appropriate security tools and technologies to address identified risks and meet business objectives.

- Integrate security controls into the organization's IT infrastructure, applications, and processes seamlessly.

Security Governance & Risk Management :

- Contribute to the development and maintenance of the Information Security Management System (ISMS).

- Conduct thorough threat modeling, risk assessments, and vulnerability scans to identify potential threats and vulnerabilities.

- Develop and implement effective risk mitigation plans and incident response procedures.

- Oversee security audits and compliance reviews to ensure adherence to relevant standards and regulations.

- Prepare and present concise and informative security reports to management and stakeholders.

Identity & Access Management (IAM) :

- Design and implement robust IAM solutions, including :

1. User provisioning and de-provisioning processes.

2. Role-based access control (RBAC).

3. Privileged access management (PAM).

4. Multi-factor authentication (MFA).

- Continuously monitor and enhance IAM controls to ensure secure access to organizational resources.

Application Security :

- Implement secure coding practices and advocate for secure development lifecycles.

- Conduct comprehensive security assessments of applications, including static and dynamic analysis.

- Integrate security controls (e.g., input validation, encryption, authentication) into applications.

Cloud Security :

- Design and implement robust security controls for cloud environments (e.g., AWS, Azure, GCP).

- Ensure compliance with cloud security standards and best practices.

- Leverage cloud-native security services to enhance the organization's security posture.

Security Awareness & Training :

- Develop and deliver impactful security awareness training programs to employees.

- Conduct phishing simulations to assess employee awareness and response times.

- Foster a strong security-conscious culture within the organization.

Key Areas of Expertise :

Foundational Security Knowledge :

- Strong understanding of fundamental security principles (confidentiality, integrity, availability).

- Proficiency in threat modeling and risk assessment methodologies.

- In-depth knowledge of security controls and countermeasures.

- Expertise in industry standards and regulations (e.g., ISO 27001, NIST Cybersecurity Framework, GDPR).

Security Technologies :

- Deep knowledge of security technologies :

1. Firewalls, intrusion detection/prevention systems (IDS/IPS).

2. Endpoint security solutions (antivirus, anti-malware).

3. Data loss prevention (DLP) systems.

4. Security information and event management (SIEM) systems.

5. Identity and access management (IAM) systems.

6. Cloud security services (e.g., AWS Security Hub, Azure Security Center).

Technical Proficiency :

- Experience with security tools and technologies :

1. Security assessment tools (vulnerability scanners, penetration testing tools).

2. SIEM platforms.

3. DLP solutions.

4. Endpoint protection platforms.

5. Identity and access management platforms.

6. Cloud security platforms.

Communication & Interpersonal Skills :

- Excellent communication skills, both written and verbal, with the ability to clearly convey complex technical information to both technical and non-technical audiences.

- Strong presentation and facilitation skills.

- Ability to build and maintain strong relationships with stakeholders across the organization.

Qualifications :

- Bachelor's degree in Computer Science, Information Security, or a related field.

- 5+ years of experience in information security roles, with a strong focus on security architecture and engineering.

- Relevant industry certifications (e.g., CISSP, CISM, CISA, CCSK) are highly preferred.

- Experience with cloud security architectures (AWS, Azure, GCP) is highly desirable.

- Strong understanding of scripting languages (e.g., Python, PowerShell).